Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Anyone having issues with PAN OS 4.0.7

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Anyone having issues with PAN OS 4.0.7

L0 Member

We have been contemplating upgrading our 4.0.5 appliances to 4.0.7.  Has any experienced any show stopper issues with this release yet?

Thanks.

16 REPLIES 16

L4 Transporter

Hello,

I have got customers using the 4.0.5 version and have complained about the Memorly leak and High CPU on DP. I have requested them to go over to 4.0.7 and since then I have not heard back from them with any issues with the 4.0.7 Version. It is a very stable and strong version and I would Highy recommend you to go with 4.0.7.

Thanks.

Is the stuck jobs while downloading fixed in this release?

L0 Member

Personaly, I just would like to let you know 4.0.7 is stable. Such OS I have installed on PA-500 cluster and after software upgrade it is working fine. It seems to work a little bit faster then 4.0.5 but it is my opinion.

L4 Transporter

Very stable. It's been running like a champ on our 2050s.

I concur, since upgrading to 4.0.7 we seen the memory leak on the management plane ( did not see this on dataplane ) resolved. Some of the issues within the release notes were applicable to our environment, to this end those fixes have worked as expected.

Some issues noted

1. We see alot of pan agent read-log alerts in the console since 4.0.7 upgrade ( when checking the connections there appears to be no problem so this may be spurious)

2. On one of my 2020's i sometimes still get the AV and application definition update downloads in a hung state. I have not see this on my 4020 HA pair however.

That said, thus far, 4.0.7 appears to be much better than 4.0.5 which caused some frustration.

As one of my team aptly put it.. he can sit and sip on a lemonade watching the packets flow by without spilling on himself...

Thanks for the input so far, i have our SE looking into the stuck download job issues, from what you tell me, it appears it has not yet been fixed. I've upgraded a pair of PANS to 4.0.7.  I'll update about how it goes.

I had just upgraded from panos 4.0.5 to 4.0.7 due to a data plane memory issue. Currently, I'm monitoring it to see how things go for the day.

As for the stuck jobs, try the following from the CLI:

1. show jobs all

2. Look under the status column for problems.

3. Make note of the ID column that's associated with the failed or stuck job.

4.. clear job id  IDNumber  Ex: clear job id 24

This worked for me everytime something goes wrong with the subcribed updates, can't download, and can't commit jobs.

Thanks that solves the current issue, its a pain to keep an eye on that each time, if you have other PANs. Palo Alto should release a fix monitors and fixes the main issue directly without people intervention.

I have had several clients upgrade to 4.0.7 and have not heard of any issues so far, but they have each been up for less than a week.

as a side note, 4.1 contains a monitor pop up that shows the jobs on the firewall, so you won't have to go to the CLI to check downloads.

A work around for the stuck jobs is to set a timeout on your dynamic updates to about 3 hours.

Correction Threshold is actually a setting for delaying when an update will be installed. I apologize for any confusion I may have caused.

Though a setting like that would be really awesome - please hit up your Sales Engineer if you agree.

James

L2 Linker

4.0.7 is running very smoothly on our network. We had some seroius issues in HA environment on our serverfarm network but this got resolved after upgrading to 4.0.7

Regards

Z

Im recanting my previous statement, after only one week of stability we experienced the dataplan resetting itself. We never had this problem previously .. its new since 4.0.7 and i believe some other customers have experienced the same issue as me.

Yep. Had the same issue last week.

We have a HA pair, so it really wasn't a problem.

L0 Member

Thought they said that 4.0.7 fixed the databack plane reset issues? Could it be its still not fixed?

correct although i believe a new bug is open so possibly a separate issue albeit same net result experienced.

  • 7432 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!