Any issues with PANOS 4.0.5?


Has anyone run into issues with PANOS 4.05?

My past experience with PANOS 4.0.x was not the greatest. High CPU utilization, network latency, GUI issues, and logging issues were not the greatest. The end result was tech support and rollback to PANOS 3.1.x.


Wonderful.  4.0.3 was stable for us though.  We've already gotten the issue escalated, but they really need to fix this...

I am having the same dataplane crashing issue as well. Not every day, but it is still there. Upgraded from 4.0.4 to 4.0.5 and this issue is not resolved.

Currently escalated to engineering. My boxes are 5020s in active-passive mode.

We tried to update from version 3.1.8 to 4.0.5 (4.0.1 was downloaded before).

The update failed because the autocommit job failed (per CLI show jobs processed).

After a reboot, we tried to install 4.0.1. The failure was the same: the autocommit job failed.

Then we activated 3.1.10, and everything works.

Now we are waiting for support.

Are there any log files that show us the failure?

They are now telling me a fix will be in 4.0.6 which is due in mid-October.  With a bug this significant, you'd think they would have pulled 4.0.4 and 4.0.5 until this was corrected!  Very disappointing...

Same here. Working with engineering on this and disabled zone protection, DDOS and also any block changes in profiles, and it's still an issue. I am sure more tech dumps are to follow today.

I believe the dataplane must be restarted after removing any profiles with Block IP actions in order to avoid the problem. If you have done that and it is still happening, be sure to mention that to support as it would indicate that the issue might be different than the one being addressed in 4.0.6.


Indeed! I got the message last night just to do that right after it had restarted itself.  Already updated my case as well with that info.

This may be a dumb question, but what do you mean by Block IP actions?

I created a vulnerability protection policy for SSH bruteforce attacks and changed it from the default action of alert to block.

That is what was at issue in my case. Hope that helps.

OK, the issue at hand is that the problem keeps resyncing across the data plane; you literally have to make sure that you stop everything hitting the block counters. Enter this on one of your systems: 'show counter global | match blk' (no quotes). If you have negative numbers then call support ASAP!

This is what we did for an active-passive 5020 cluster, once we got everything that was triggering the block counter disabled.

Disable sync between the FWs, passive then the active nodes, reset the passive dataplane, fail over taking a session hit to the passive node, then reset the data plane on the second FW. Re-enable the HA data sync on the active then the passive nodes.

Verify that the blk is not incrementing any more and hope that stability ensues again.

4.0.6 fixes this issue, then you should be able to enable the blocks again. Two weeks is the estimated time from engineering.

BTW Gary! Awesome job figuring this out.

Thanks and hope it helps
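
The counter check described in the posts above, as an added example that is not part of any post in this thread: Python that reads two saved copies of the 'show counter global | match blk' output, lists counters with negative values, and lists counters whose value changed between the copies. The counter names and sample lines are constructed placeholders, and the column layout (name first, value second) is an assumption about the CLI output.

```python
import re

# Constructed sample output. Counter names are placeholders and the
# whitespace-separated layout (name, value, rate, ...) is an assumption.
SNAPSHOT_1 = """\
example_blk_counter_a      -1207      0 info  flow  dos  constructed sample line
example_blk_counter_b         42      3 info  flow  dos  constructed sample line
"""
# Second copy, assumed to be saved some minutes after the first.
SNAPSHOT_2 = """\
example_blk_counter_a      -1207      0 info  flow  dos  constructed sample line
example_blk_counter_b         57      3 info  flow  dos  constructed sample line
"""

# First column is the counter name, second is a signed integer value.
LINE_RE = re.compile(r"^\s*(\S+)\s+(-?\d+)\b")


def parse_counters(text):
    """Return {counter_name: value} for every line whose name contains 'blk'."""
    counters = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match and "blk" in match.group(1):
            counters[match.group(1)] = int(match.group(2))
    return counters


def negative_counters(text):
    """Names of blk counters reporting a negative value (the call-support case)."""
    return sorted(name for name, value in parse_counters(text).items() if value < 0)


def changed_counters(before, after):
    """Counters whose value differs between two copies: {name: (old, new)}."""
    old, new = parse_counters(before), parse_counters(after)
    return {name: (old.get(name), value)
            for name, value in new.items() if old.get(name) != value}


if __name__ == "__main__":
    print("negative:", negative_counters(SNAPSHOT_1))
    print("still changing:", changed_counters(SNAPSHOT_1, SNAPSHOT_2))
```
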

