AD trouble after installing content version 729

L3 Networker

We had problems with AD after installing content version 729 this morning. Users were authenticated, but the logon process (group policy, drive mapping) was painfully slow. After we reverted to version 727 everything was OK again. The strange thing is that I see no traffic to our AD controllers being stopped by the firewall.

 

Anybody else seen this? We're using two PA-5050 in HA (active/passive) running PAN-OS 7.1.10.

52 REPLIES

L4 Transporter

We had issues associated with HL7 traffic. We have completed a roll back and that resolved the issue.

L3 Networker

Was it seen in Monitor/Traffic or Threats, like drops, anything?

We also had this problem and committed an Any on the Service for AD to work. We were about to test what the issue was when we saw the PA update on 729. We are reverting to 727 and deleted 729.

 

Written by Edward Millington

L7 Applicator

Please refer to the following Palo Alto Networks Customer Advisory available at:

 

https://live.paloaltonetworks.com/t5/Customer-Advisories/Important-information-regarding-Content-App...


@cdp181 wrote:

Our Palo partner suggested a 72 hour delay on content updates. Interestingly, you don't seem to be able to configure a delay in Panorama, only on the devices themselves.


 

FYI, on Panorama 7.x.x and above I think this option is available. It may be available prior to that release but I cannot confirm.

L1 Bithead

We're running several pairs of PA-3050s in A/P on 7.1.11 with no issues reported at 729. We've reverted to 727 just to be safe.

We had trouble with SAP printing but only with destination printers using Kyocera Prescribe.

The packet trace shows retransmit because of a missing ACK, but I didn't have time to dig deeper.

All the other problems didn't seem to hit us, at least not to a degree where the complaints made it to me.

 

We will send PA our Techsupport file. Our traffic was too low to cause any issues with buffers, but any info to help them will be sent.

L0 Member

Can anyone confirm that issues are with 729 only? We have firewalls on 728 and have not had any reported issues.

L0 Member

We were affected as well. AD traffic, gpupdates, Apple/Linux authentication with AD were all slow and/or not working. Reverting back to 727 fixed the issue.

L0 Member

We had a major performance issue on our extranet web servers. We reverted back from 729 and the issue resolved itself.

 

PA-500 in HA running 7.1.10

PA-3020 in HA running 7.1.10

L0 Member

External users attempting to connect to applications through GlobalProtect with 5060 HA pair were not able to connect. Reverting to 727 resolved the issue.


@gbprotect wrote:

Can anyone confirm that issues are with 729 only? We have firewalls on 728 and have not had any reported issues.


728 works okay. We had issues with active directory communication (presumably LDAP) on 729. Reverting to 728 resolved the issues.

L2 Linker

We have a 3050 HA pair active/active, a bunch of 3020 and some 500 and 200, all running OS 7.18, using threat 729.

No user complaints so far.

L2 Linker

We had been experiencing AJP (TCP 8009) issues between our Web servers and JBoss servers all morning. Reverting to 727 fixed our issues.
