11-23-2015 05:52 AM
I am planning on upgrading the PA 5050 os from 6.1.7 to 7.0.3. I have been reading over the changes and I think it would be beneficial to see examples instead of description of what changes are , anyone have any recommendations
11-24-2015 01:05 PM
What services are you referring too?
11-24-2015 01:14 PM - edited 11-24-2015 01:16 PM
I agree with @john.langford and couldn't have said it better. We are actually going to downgrade a few active/passive firewalls running 7.0.3 to 6.1.8 just to resolve issues with SSL decryption / dataplane memory leak bugs. We experienced them in 7.0.1 as well.
I'm hoping 7.1.x gets a more rigorous QA to avoid these types of issues. Basically in my mind if you want to run SSL Decryption and 7.0.x, it's not if, its just when will your SSL sessions stall or SSL buffers run out before you have to reboot / restart the dataplane. I'm actually surprised that the software posted hasn't been deffered.
Love the product however I am not sure what happened with 7.0.x.
-Matt
11-24-2015 01:26 PM
Great information latest and greatest isn't as important and most stable
11-29-2015 02:08 PM
Hi all
As @mlinsemier, john.langford@aplp.net and others already said. Unless you do not really need the features of 7.0.x STAY WITH 6.1.X!
Thes is just the short list of bugs I know and also experienced:
I also agree with you all with the point that I still really like the PaloAlto Products, but there have to be big, really big quality improvements in 7.1 to restore the trust into the product I once had.
Regards,
Remo
12-02-2015 11:33 AM
We have 37 firewalls (from 5000 to 200 ) managed with Panorama 7.0.3. I love template and device group stacking feature, new ACC look. 15 of them running 7.0.3 the rest is on 6.1.7. I dont see any issues on 7.0.3, but we dont use SSL decryption or GP, any other features works just as it suppose to.
12-02-2015 04:43 PM
Does the code 7.0.3 have issues with GP too? Please let me know.
12-03-2015 04:55 AM
No idea what PAN did in version 7, but it seems that the QA process just isn't there. Unfortunately we made some changes with our policies in 7.0.3 and cannot easily revert back to 6.1.8. I am forced to fail over my FWs every morning and reboot just to keep the dataplane passing traffic. I hope this bug is addressed in 7.0.4 and also hope that staff from PAN is reading these posts as numerous people have this problem.
12-03-2015 06:10 AM
We use GP so we are going to hold off untill the next version
12-03-2015 12:00 PM
I think I am on the same boat as you on the GP. Thanks. Hope there is a fix on next updated code. Our customer is becoming upset.
12-07-2015 10:16 AM
What is the ETA for 7.0.4?
Thanks
12-07-2015 11:05 AM
@dfeddersen From what I recall it was December 21st for 7.0.4 release.
12-08-2015 06:30 AM - edited 12-08-2015 06:39 AM
There is another GP related bug on 7.0.3. When using domain names for LDAP instead of IPs, GP cannot resolve the domain name so you get plethora error messages in authd.log telling you the LDAP server is down. A workaround is to use a FQDN object, but even that is very temperamental; it'll work and then suddenly stop for no apparant reason. Kind of sucks as I purchased a 3rd party cert so that I could verify the SSL sessions for the LDAP servers and now I can't even do that.
Looks like a typical case of people at the top pushing for deadlines and overlooking quality which results in shabby work.
03-15-2016 01:19 PM
I have been on 7.04 since Dec 2015 and now 7.0.5h2 and thankfully the SSL decryption problrems have been resoved. I would feel safe recommending 7.0.5h2
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
