09-03-2021 03:44 AM - edited 09-03-2021 03:48 AM
09-03-2021 11:49 AM
We've been testing 10.0.x and 10.1.x on our Panorama units and on our test firewalls. Unless you need a feature that 10.x offers, like IOT security or DLP, then there isn't much of a point. We've also had some issues with the logs loading correctly, sometimes it displays just random logs that are not the most recent. There was also a bug that caused the Panorama config export to fail and was just recently fixed on 10.1.2. We're also running a bunch of 220 firewalls which the management plane is noticeably slower on 10.x.
We're just going to downgrade Panorama back to 9.1.x and stick on that code train for a while.
09-03-2021 01:59 PM
Hello,
We are running 10.0.6 and the only issue we ran into was if you have more than one DNS entry in a security policy, some of the traffic may not match correctly and get dropped. Luckily it was only on one policy internally and we just swapped the dns entries with IP's.
Regards,
09-03-2021 09:07 PM
How critical is your environment, and how tolerable is your environment to disruption?
10.0.6 has become the default image across all of my environments, and its stable enough that I don't have any qualms recommending its deployment to the vast majority of environments. In critical environments or those that are intolerable to any outages I'm still recommending 9.1.
09-04-2021 08:13 AM
There are 75 new features in the 10.x software, all designed to improve your security stance within your company.
09-08-2021 05:30 AM - edited 09-09-2021 11:16 AM
Hey Gang -
Really appreciate the feedback. Upon further review I think I'll stick with the 9.1.X line until 10.1.x has a "preferred" version. As it stands right now 10.0.x has an EoL date of July 16, 2022, while 9.1.x has an EoL a full six months later of December 13, 2023.
09-09-2021 09:21 AM
For many of my customer environments I agree 10.0.6 is stable enough to recommend. The inline ML for URL and WF are good enough reasons by themselves, but I agree the 220s are hurt somewhat by the real time data. Many of my larger customers run 10.0 on perimeter and keep 9.1 on east-west for the time being.
10.1.x we may still be a few weeks/months out from preferred.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
