cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Any issues not documented on version 8.0.6?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎12-06-2017 08:38 AM
‎12-06-2017 08:38 AM

Any issues not documented on version 8.0.6?

Hello Community,

Since the security advisories were released yesterday, we are looking to upgrade to the newer version. Has anyone experienced any issues with 8.0.6 from 8.0.5 that are not in the release notes?

 

 https://securityadvisories.paloaltonetworks.com/

 

https://downloads.paloaltonetworks.com/software/PAN-OS_8.0.6_RN.pdf?__gda__=1512621490_dc551bd77c01f...

 

Thanks in advance!

0 Likes
Reply
AnalysisMan
L3 Networker
‎12-06-2017 12:00 PM
‎12-06-2017 12:00 PM

I'm working on the 8.0.6 upgrade as well. Last Friday, I upgraded 3 set of PA-500s in HA from 7.1.x to 8.0.6, and it seems okay, no complaints yet. However, there are always bugs in there, and it triggers in different situations. So the final decision is yours.

--
"The Simplicity is the ultimate sophistication." - Leonardo da Vinci.
0 Likes
Reply
BPry
Cyber Elite
Cyber Elite
‎12-06-2017 12:23 PM
‎12-06-2017 12:23 PM

@OtakarKlier,

Not runnning into anything that isn't already a known-issue. It's actually been a suprisingly smooth upgrade cycle so far. 

0 Likes
Reply
MatthewSabin
L2 Linker
‎12-13-2017 02:15 PM
‎12-13-2017 02:15 PM

We put it in lab last week - no issues to report.

We'll start testing in the production environment after the holidays.

0 Likes
Reply
BPry
Cyber Elite
Cyber Elite
‎12-13-2017 02:16 PM
‎12-13-2017 02:16 PM

@MatthewSabin @OtakarKlier,

FYI, you'll want to move the version to 8.0.6-h3. One of the CVEs that was believed to be fixed in 8.0.6 is not. 

Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎12-15-2017 08:23 AM
‎12-15-2017 08:23 AM

Hello @BPry,

I saw that note that was sent out and this was why we were upgrading. However since the hotfix is so new, we are going to wait a bit and let it bake in the wild for a bit. While I like living on the edge, bleeding edge is just too risky for my tastes.

 

Cheers!

0 Likes
Reply
EdwinD
L3 Networker
‎12-15-2017 02:26 PM
‎12-15-2017 02:26 PM

FWIW: regarding this vulnerability, I recently upgraded an HA pair of PA-3050's running 7.0.18 to 7.0.19.   I'm experiencing some issues with SSH connections.  I do not know if this is related or not.   I've also been running into errors causing commit failures.   These are errors I've never seen before though is reminiscent of a problem I recall from the PanOS 4.x days.   I would post the message had I not since cleared the logs.

 

What I've noticed is this:

  1.  LAN->DMZ SSH sessions are being dropped even though the destination IP is whitelisted.   This destination has decryption disabled by the destination IP address.  After many attempts to resolve the issue, SSH began working after I removed all security profiles from the security policy for this destination.
  2. LAN->WWW sFTP sessions are being dropped.  The destination is whitelisted and has SSL decryption disabled.  In this case there is no decryption profile assigned to the SSH proxy decryption policy rule.   After many attempts I was able to get this working within the latest version of WinSCP by turning on SSH decryption at the firewall.  Yes, enable decryption.   Yes, this is sFTP and not FTPs.  FileZilla still does not work.   It begins cipher exchange and then the connection drops.   From very limited testing, AIX sFTP does work as does Ubuntu sFTP.   The destination is secure2<.>benefitfocus<.>com on port 22.    The site is apparently running a version of GlobalSCAPE Enhanced File Transfer Server from 2007 (v. 5.1).

 

This may not be applicable to 8.0.6 and I am not 100% positive that this is a PanOS issue.  

0 Likes
Reply
AndyYerger
L2 Linker
‎12-19-2017 03:48 PM
‎12-19-2017 03:48 PM

After upgrading to 8.0.6 Dynamic Updates was showing 4 to 5 previous updates for download and install in each column of dynamic updates . I downgraded back to 8.04

0 Likes
Reply
clewis1
L2 Linker
‎12-20-2017 04:04 AM
‎12-20-2017 04:04 AM

we have been on 8.0.6 for a few weeks now and have been good (knock on wood). Running 5020s. 8.0.3 was a different story but good now.

Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎12-20-2017 01:48 PM
‎12-20-2017 01:48 PM

Thanks all!

I'm still waiting for the 8.0.6-h3 to bake in the wild before deploying it. I'll update when I have my prod systems running on it. Right now only my little lab200 is on it but it doesnt really do much.

 

Regards,

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks