Experience with PANOS 6 so far ?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Experience with PANOS 6 so far ?

L4 Transporter

I installed PANOS 6 on our Lab Box. Upgraded from 5.0.9. No problems so far.

Anyone else ?


L3 Networker

I installed PANOS 6...have some issue with ftp (known bug)

You need update the content version first, and after this you should have no problems for update at version 6.0.0

Got the same problem. Upgrade from 5.10 to 6.1 !

User ID do not match with "included user groups" and all traffic is denied.

Try and rebuild the userinfo.xml file using the following commands:

> debug user-id clear group all

> debug user-id reset group-mapping all

> debug user-id reset user-id-manager type user-group

> configure

# commit force

This will force the firewall to rebuild the userid.xml file based on a refresh from the LDAP server. If this doesn't work, give support a call so that we can take a look.

L4 Transporter

Hi guys,

also have problems with the user groups. any solution?

Not yet Smiley Sad

L4 Transporter

is the problem already reported to PaloAlto Support?

Dont think so. Havent found any article about it !

L4 Transporter

Just created a ticket...lets wait.

Great Smiley Happy

Not applicable

Try this as a work around until the bug is fixed:

Under Device > User Identification >Group Mapping Settings > Group Include List > Included Groups

If you have groups here, delete them all.

Commit and refresh/reset group mapping if needed.

L4 Transporter

Had a remote session with PaloAlto Support.

They found out, that there is a problem/bug with the translation of the group names : Policy was entered the name "Domain\Group name" but the mapping has just the "cn= .... " format.

To "solve" the problem temporary, use the cn=.... format in the Policies.

A bug fix is the development.

L2 Linker

check this link, other users experiment a data plane crashing in version 6.0.3

HA broken after upgrading to 6.0.3

what known bug is this?

What I found during our update was the PAN-OS 6.0 upgrade was treating the groups like users. Once I went through an deleted the old group and re-added them I found the the configuration line was referencing the entire LDAP search string.

We didn't have that many groups in policy so it only took an hour or so to fix.

  • 36 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!