Per this discussion:PA-2000/4000 trade-in I am also caught in the same boat. From what I recall PAN-OS-5 worked ok on the PA-2020's. Because of all the issues I am experiencing with OS 6 and the inferior product, I am wondering if anyone had success downgrading their OS 6 back to 5. I know I have just over a year before that OS is EOL, but it also buys me a a year of hardware that is actually going to function better than it is now. It gives me a year to get my ducks in a row and buy different firewalls that will last more than 2.5 years too. I was just curious if you had any experience, but I will likely have to open a support tickets to make sure there are no more gotcha's.
I have rolled back our lab firewalls (PA500 and 4050) from 6 to 5 multiple times for various testing. All you need is the saved configuration on the device from the PanOS 5 to 6 upgrade.
This will lose any updates to the configuration made since the PanOS 6 upgrade. The config file formats are different so you have to roll back the config as well as the OS.
Based on the previous thread it looks like you are having commit issues. Although we do have some improvements in the commit process that improve commit time in 6.1, and the amount of data parsed when committing, we do have plenty that are using those platforms with PAN-OS 6 that aren't experiencing those issues. They may experience long commit times which is common on 1 Gent platforms due to other reasons but if you are failing 70% of the time that's a problme. If you still have support which is sounds like you do you may want to open a support ticket however if you have worked with support you may want to consider 6.1.PAN-OS 6.1 doesn't have to parse everything in each commit which can drastically shorten the commit time improve the commit success rate. If you chose to move to a 6.1.x version I would wait until 6.1.3 is released. Also you shouldn't have any issues rolling back. Always save your configuration and maybe even export your device state periodically as well.
thanks jperry1. When will 6.1.3 be released? I have a support case open at the moment - which was opened on Friday. No action has been taken at this point. Its even stranger that we have two sets and experiencing the same issue on both. Wonder if people just assume they are slow and don't say anything, or are they truly not having problems.
I'm also struggling to keep committed to PAN when standard support renewals, threat prevention, and URL filtering costs me just a little less than other FW products (with 3 year 24x7 support) that provide the same feature sets, faster hardware, etc. From a non-profit perspective it seems like a no-brainer to switch platforms.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!