- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-06-2017 08:38 AM
Hello Community,
Since the security advisories were released yesterday, we are looking to upgrade to the newer version. Has anyone experienced any issues with 8.0.6 from 8.0.5 that are not in the release notes?
https://securityadvisories.paloaltonetworks.com/
Thanks in advance!
12-06-2017 12:00 PM
I'm working on the 8.0.6 upgrade as well. Last Friday, I upgraded 3 set of PA-500s in HA from 7.1.x to 8.0.6, and it seems okay, no complaints yet. However, there are always bugs in there, and it triggers in different situations. So the final decision is yours.
12-06-2017 12:23 PM
Not runnning into anything that isn't already a known-issue. It's actually been a suprisingly smooth upgrade cycle so far.
12-13-2017 02:15 PM
We put it in lab last week - no issues to report.
We'll start testing in the production environment after the holidays.
12-13-2017 02:16 PM - edited 12-13-2017 02:17 PM
FYI, you'll want to move the version to 8.0.6-h3. One of the CVEs that was believed to be fixed in 8.0.6 is not.
12-15-2017 08:23 AM
Hello @BPry,
I saw that note that was sent out and this was why we were upgrading. However since the hotfix is so new, we are going to wait a bit and let it bake in the wild for a bit. While I like living on the edge, bleeding edge is just too risky for my tastes.
Cheers!
12-15-2017 02:26 PM
FWIW: regarding this vulnerability, I recently upgraded an HA pair of PA-3050's running 7.0.18 to 7.0.19. I'm experiencing some issues with SSH connections. I do not know if this is related or not. I've also been running into errors causing commit failures. These are errors I've never seen before though is reminiscent of a problem I recall from the PanOS 4.x days. I would post the message had I not since cleared the logs.
What I've noticed is this:
This may not be applicable to 8.0.6 and I am not 100% positive that this is a PanOS issue.
12-19-2017 03:48 PM
After upgrading to 8.0.6 Dynamic Updates was showing 4 to 5 previous updates for download and install in each column of dynamic updates . I downgraded back to 8.04
12-20-2017 04:04 AM
we have been on 8.0.6 for a few weeks now and have been good (knock on wood). Running 5020s. 8.0.3 was a different story but good now.
12-20-2017 01:48 PM
Thanks all!
I'm still waiting for the 8.0.6-h3 to bake in the wild before deploying it. I'll update when I have my prod systems running on it. Right now only my little lab200 is on it but it doesnt really do much.
Regards,
12-28-2017 02:54 PM
Overall I've had a really smooth expereince overall with 8.0.5 and 8.0.6/8.0.6h3.
One thing (and it could be completelty unrelated) I will point out is that I have ran accross two incidents where I seem to have a "stuck rule" in the firewall where the rule no longer exists in the config (which is pushed via Panorama) but yet the logs show traffic hitting the non-existant rule and being allowed or denied based on a previous seperately configured rule. This seems to only have happened with some combination of me making sweeping changes to sub-interfaces, zones and zone names, policies, etc. as I am going through a giant redesign. Restarting the firewall seems to resolve the issue.
I have not seen any issues with normal day to day usage.
01-04-2018 03:54 AM
We have picked up a problem on a PA-5260 running PANos 8.0.6. We have logged a call with Tac but maybe somebody has also picked up this problem.
We have a 1gb link to the internet and we have setup a QoS monitoringprofile on the external interfase. This is coonect with firbe to a SFP+.
The interface connects at 10GB and there are no errors. When we look at the QoS stats we only see between 40 and 60 Mbps but we do see a spike to 500 mb.
When we run a speed test from the internal to the internet we only get between 30 and 60 Mbps but when we connect to the switch on the external and run the speed test we get between 800 and 900 Mbps.
Has anybody else picked up this problem and if so, who was it resolved?
01-04-2018 05:44 AM
Looks like this behaivior is resolved in 8.0.7.
PAN-82070
Fixed an issue where PA-5020 firewalls supported a maximum bandwidth ( Egress Max) of only 1Gbps for classes of service ( Network > Network Profiles > QoS). With this fix, the Egress Max limit is 8Gbps on PA-5020 firewalls and 16Gbps on PA-5050 and PA5060 firewalls.
01-04-2018 07:19 AM
Thanks everyone for your comments. I guess we should start a new one of these for 8.0.7 🙂 since it has a few CVE's for vulnerabilities.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!