Has anyone ran into issues with PANOS 4.05?
My previous past experience with PANOS 4.0.x was not the greatest.
High CPU utilization, network latency, GUI issues, and logging issues were not
the greatest. The end result was tech support and rollback to PANOS 3.1.x.
We're about 1 week into using 4.0.5 and have only run into a couple issues, neither of which I consider to be show stoppers.
The first doesn't seem to be specific to 4.0.5 but it's an issue with administrator accounts syncing down from Panorama to the devices and shared authentication profiles not being useable outside of the Panorama context. Here's a link to the thread on that whole discussion:
The other issue that we're dealing with concerns ACC and I currently have a support case open for it. In the ACC tab it shows the list of top applications, but when you drill down into each specific application the sections for additional information such as "Top Users" and "Top Destinations" show "No matching records" even though the traffic logs exist and are viewable on the Monitor tab.
Other than those two issues, from a functional standpoint 4.0.5 has been pretty stable for us so far.
With the possible exception of an abacus its a fair statement to say no product is without issues. PAN-OS 4.0.5 has been deployed throughout the world in very large to very small, simple to complex networks, in most cases without issue. Of course this isn't to say that we haven't had reports of problems with this code or any past code, rather to point out that we are a responsive developer and if you do encounter a problem PaloAlto Networks is committed to addressing and resolving these issues in a timely efficient fashion. We are a customer driven company and we welcome any input good, bad or indifferent from our customer base.
issues i faced on a 4020 HA were:
1. firewall could not communicate with the PANAGENTS correctly resulting in our domain name being truncated. This inturn means that specific rules relying on a users to AD group membership resulted in them being denied access ( show user pan-agent user-IDs ). SSL VPN login denied for example.
2. Certain SSL decryption certs had to be re-imported.
3. Few app dependencies warnings appeared out of nowhere but easy enough to fix
4. SSL VPN custom portal page ( web login page ) was lost and had to be re-imported.
i hope this helps.
I'm only a few days into my 4.0.5 upgrade, from 3.1.8 and it was a very smooth upgrade. There were just a few small minor issues and from previous posts, it looks like I wasn't alone. I upgraded 3 HA Systems and each had different minor issues, that were easily fixed.
1. SSL-VPN Authentication Profile had to be removed and recreated along with the RAIUS Profile.
2. SSL-VPN Custom Portal page had to be reselected in the configuration page.
3. NetConnect 1.2.0 clients prompted for the Java Certificate Experation even if the clients had previously choosen to always trust the certificate.
4. Several URL Filter rules were detecting an overlap which caused a commit failure. After removing the unchecking the URL catagory that was in the error message the commit succeded.
5. Same ACC problem when drilling down on first day, but seems to be working properly today. Might have just need time to generate the logs, since the active units were changed after the upgrade.
All systems under 3.1.8 had CPU usage 20 to 50% consistantly, but after the upgrade and the CPU usage now run at under 5%.
Well, we've got a major problem with 4.0.5, which appears to be the same issue we were having with 4.0.4 until we rolled back to 4.0.3. The Dataplane restarts occasionaly for no apparent reason! This causes traffic to stop for about 10 minutes. We were told it was a known bug in 4.0.4 and that it would be fixed in 4.0.5. Apparently not. It's happened twice since Sunday. We are probably going to rollback to 4.0.3 yet again.
Anyone else run across this problem??
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!