Any issues not documented on version 8.0.6?

@OtakarKlier,

Not runnning into anything that isn't already a known-issue. It's actually been a suprisingly smooth upgrade cycle so far. 

We put it in lab last week - no issues to report.

We'll start testing in the production environment after the holidays.

FWIW: regarding this vulnerability, I recently upgraded an HA pair of PA-3050's running 7.0.18 to 7.0.19.   I'm experiencing some issues with SSH connections.  I do not know if this is related or not.   I've also been running into errors causing commit failures.   These are errors I've never seen before though is reminiscent of a problem I recall from the PanOS 4.x days.   I would post the message had I not since cleared the logs.

What I've noticed is this:

1.  LAN->DMZ SSH sessions are being dropped even though the destination IP is whitelisted.   This destination has decryption disabled by the destination IP address.  After many attempts to resolve the issue, SSH began working after I removed all security profiles from the security policy for this destination.
2. LAN->WWW sFTP sessions are being dropped.  The destination is whitelisted and has SSL decryption disabled.  In this case there is no decryption profile assigned to the SSH proxy decryption policy rule.   After many attempts I was able to get this working within the latest version of WinSCP by turning on SSH decryption at the firewall.  Yes, enable decryption.   Yes, this is sFTP and not FTPs.  FileZilla still does not work.   It begins cipher exchange and then the connection drops.   From very limited testing, AIX sFTP does work as does Ubuntu sFTP.   The destination is secure2<.>benefitfocus<.>com on port 22.    The site is apparently running a version of GlobalSCAPE Enhanced File Transfer Server from 2007 (v. 5.1).

This may not be applicable to 8.0.6 and I am not 100% positive that this is a PanOS issue.  

we have been on 8.0.6 for a few weeks now and have been good (knock on wood). Running 5020s. 8.0.3 was a different story but good now.

Overall I've had a really smooth expereince overall with 8.0.5 and 8.0.6/8.0.6h3.   

One thing (and it could be completelty unrelated) I will point out is that I have ran accross two incidents where I seem to have a "stuck rule" in the firewall where the rule no longer exists in the config (which is pushed via Panorama) but yet the logs show traffic hitting the non-existant rule and being allowed or denied based on a previous seperately configured rule.  This seems to only have happened with some combination of me making sweeping changes to sub-interfaces, zones and zone names, policies, etc. as I am going through a giant redesign.  Restarting the firewall seems to resolve the issue.

I have not seen any issues with normal day to day usage.

We have picked up a problem on a PA-5260 running PANos 8.0.6. We have logged a call with Tac but maybe somebody has also picked up this problem.

We have a 1gb link to the internet and we have setup a QoS monitoringprofile on the external interfase. This is coonect with firbe to a SFP+.

The interface connects at 10GB and there are no errors. When we look at the QoS stats we only see between 40 and 60 Mbps but we do see a spike to 500 mb.

When we run a speed test from the internal to the internet we only get between 30 and 60 Mbps but when we connect to the switch on the external and run the speed test we get between 800 and 900 Mbps.

Has anybody else picked up this problem and if so, who was it resolved?