7.0.3 upgrade

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

7.0.3 upgrade

L4 Transporter

I am planning on upgrading the PA 5050 os from 6.1.7 to 7.0.3. I have been reading over the changes and I think it would be beneficial to see examples instead of description of what changes are , anyone have any recommendations

27 REPLIES 27

L6 Presenter

Curious what your desire to upgrade to 7.0.3 is?  With 7.0.4 coming out soon, you might want to think about waiting until it's released.

I just want to keep my os current. PA told me to wait for there endorsement before going to 7.03 and I was not aware that 7.04 was coming out. I would probably only go to the OS that was one below the latest and greatest until it is tried and recommended

 

If you decrypt ssl then better to wait and see if 7.0.4 has any fixes for it in release notes.

Some environments have random issues with 7.0.3

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

There are some "cool" features in 7.X that I wanted, but nothing business driving.  

 

I've been keeping in close contact with my SE, I suggest you do the same to make sure you get the right info, but from what i can tell 7.0.4 is going to be the "first suggested" version of 7.X as "stable."  I'd wait for that, but I'd confirm with your own account SE.

 

A side note.  7.1 is going to beta soon and the inital info I've seen there have been huge positive operational support additions to SSL/TLS interactions.

I have not found my SE very helpful, I rarely hear anything from him and little to questions I send him. But what I would really like is to be able to look at a box with the changes on it before upgrading to the newest version. I have read the release notes and there are 62 pages to it, granted I don't use panorama so I can skip that stuff. But as always my biggest concern is how is it going to change what I currently have configured and what are the benefits

If you must move to 7.x, I would wait for 7.0.4.  We were an early adopter to 7.x and have had quite a few issues with everything from SSL decryption issues to dataplane memory leaks (caused by SSL decyription).

 

You have two choices in my mind:

 

1) If you must go to 7.0.x for features, wait until 7.0.4 as it has the SSL decyrption memory leak bug addressed.

2) If you can wait, move to 6.1.8 and wait for 7.1.1+ as there are a bunch of improvements in general from this release of PAN-OS, specifically from what I hear better SSL decryption support.

 

- Matt

That's unfortunate about your SE...Mine's been good, especially with practical/applicable internal/NDA kinda stuff.

 

I've got Panorama on 7.0.2 only with 14 or so FWs from 5060s/3k/200s on version 6.X code.  The biggest thing I see is ACC is night and day different (In a positive way.)

 

There are some default behavorial changes but for the most part it's the same "function" with ACC being the 1 major change.  If you used ACC a lot in the past it will take some used to the new format.

Agree with @mlinsemier on going to 7.1.1.  Once 7.0.4 has been released I plan on upgrading our enviornment.  Then once 7.1.X comes out the TLS support is going to be dramatically improved.

I thought that the new os releases were about every other month according to my software updates but it almost sounds like they are always working on  a new revision.

Also when I do contact my SE he tells me to call into support for help.

The only thing I know for certain is that "patches" X.X.X are released every 6 weeks.  I'm not certain about the release cycle of new versions (X.) or major revisions/feature releases (X.X) from within a version.

 

I think the later two are "it depends."

Okay I never viewed them as patches before, that gives me a totally different perspective

I would avoid 7.0 2 or 3 at all costs. We upgraded and have had nothing but problems. SSL decryption stops working (stops passing traffic). The firewalls have buffer problems and stop passing all traffic. We were a happy PAN customer for 5 years and now I spend my days and nights nursing my Palo Alto firewalls and talking to TAC. 7.0.x is one of the worst versions of code I have seen in my 30+ years in IT.

 

 

AVOID, AVOID, AVOID!

I upgraded to 7.0.3 because I had to get 1-2 of the features it provided. luckily I dont use some of the services (yet) that have been really problematic for users. I would have stayed on 6.1.X if I could.

  • 11514 Views
  • 27 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!