Changes to SSH communication method and ARP output format during upgrade

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Changes to SSH communication method and ARP output format during upgrade

L1 Bithead

Hello.

 

If we upgrade PA-450 from 10.1.6-h6 to 10.2 or 11.1 (or 11.2) series, is it correct to assume that there is no change in SSH communication method or ARP output format?

 

I am aware that there is no change as far as I can see from the release notes, but please let me check just to be sure.

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

I cant recall ever seeing an issue with either when upgrading a PAN. Both hold to pretty strict standards.

SSH https://datatracker.ietf.org/doc/html/rfc4253

ARP https://datatracker.ietf.org/doc/html/rfc826

 

Regards,

Cyber Elite
Cyber Elite

Hello @n-tomo

 

over past years I have done a few Firewall migrations / upgrades. I never came across an issue with SSH, however I run into an issue with ARP during migrations. By doing upgrades there will be no change in SSH or ARP, however you might run into a bug affecting functionality of either of the protocols. In earliest PAN-OS releases of 10.2 there are a few bugs related to ARP: PAN-221033, PAN-209346, PAN-207533, PAN-204838, PAN-199726. Regardless what target PAN-OS version you decide to upgrade to you should aim for latest recommended version that has all bugs addressed.

 

Kind Regards

Pavel   

Help the community: Like helpful comments and mark solutions.


@OtakarKlier wrote:

Hello,

I cant recall ever seeing an issue with either when upgrading a PAN. Both hold to pretty strict standards.

SSH https://datatracker.ietf.org/doc/html/rfc4253

ARP https://datatracker.ietf.org/doc/html/rfc826

 

Regards,


@OtakarKlier -- Palo has actually has such an issue when we were upgrading to a 10.1.X from a 10.0.X we had "weird" traffic not working issues.  In the end, it was because we had our NAT rules setup wrong.  Prior to the upgrade from 10.0.X to 10.1.X traffic worked just fine with the firewall matching traffic to the NAT policy, but in 10.1.9 (mid code) they changed how the device functioned regarding ARP (Ours was a single VR, not dual):

Brandon_Wertz_0-1738769371493.png

 

  • 452 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!