04-15-2024 09:42 AM
There is not a community discussion for issues implementing 10.2.9-h1
We have a maintenance window to push out 10.2.9-h1 Thursday evening and with recent issues with 1.2.7.h3 and other roll outs i am starting this thread for the community.
04-15-2024 02:10 PM
I attempted to update Panorama this morning (in preparation for upgrading firewall with GP installed) with a failed result. The error message was "Failed to install Panorama with the following errors. Label sysroot0 does not indicate a valid image"
This was the first time in 6 years I have had an upgrade fail.
04-18-2024 02:07 PM
last night upgraded panorama and 2 Azure VM firewalls to 10.2.9-h1 from 10.2.8 without any issues
tonight i will be doing 2 5220s (HA pair) with Global Protect and 10.2.6 with the workaround for the certs.
04-19-2024 10:25 AM
We finished the upgrade to 10.2.9-h1 last night
There were no issues with our 3- VM300 (new licensing in May) in Azure
I have a HA pair of 5220s with 2 different global protect portals and gateways
we updated the passive then promoted it to active This is when GP connections got a little wonky.
the connections were still showing up on the originator firewall and didnt transfer to the one activated traffic was showing through both some of the new connections were failing on the one GP that split tunneling was enabled. We upgraded the second firewall rebooted and we still had the connections showing up in both firewalls and some seemed duplicated and some were not.
The 5220s were on 10.2.6 with the workarounds and went to 10.2.9-h1
A TAC case will be created More to follow
04-22-2024 01:31 AM
Good morning,
We did our upgrade on the 15th April and have been having issues with sites failing to connect for perhaps 10 - 30 seconds ever since. Issue is intermittent and occurs several times a day, with no obvious reasons why.
Have opened a case with support but no resolution as yet.
04-24-2024 01:49 PM - edited 04-24-2024 02:26 PM
We updated to 10.2.9-h1 and we're seeing an issue with Panorama templates not working correctly for all interfaces. All Ethernet, loopback, tunnels, and SDWAN interfaces show 'none' for all virtual/logical routers, zones and IP Addresses even though values exist when queried in CLI. If I make a change to the template, Pano tries to push out these null values.
04-25-2024 08:12 AM
I just checked and i am showing the same exact issue with the interfaces VR and LR showing none on the template but it is showing correct in the _stack template. I have committed some policy changes since the the upgrade but not VR changes and it didnt change the stack template. were you making changes in your routers when it tried to push none to everything. I wont be making any changes till this is resolved. Let us know what TAC says about this when they get back to you. I have a TAC case open on the Global protect issue i had and will do the same
05-13-2024 11:16 AM
Palo has started to issue hotfixs for the various builds that addresses this issue.
|
PAN-251013
|
Fixed an issue on the web interface where the
Virtual Router
and
Virtual System
configurations for the template incorrectly showed as
none
. |
07-26-2024 01:30 AM
Hello, just to check on this as I am looking to upgrade and have seen a few posts about issues with Panorama upgrading to 10.2.9-h1.
Is there a patch to cover these in a later version?
07-26-2024 09:50 AM
I have been running 10.2.9.h1 since April due to the Certificate issues
Some hic-ups but no major issues and i am running Panorama physical appliances and VM's in Azure.
it looks like some of the Hic-ups have been addressed in 10.2.10 that came out end of June but has has 2 hotfixes since then.
Unless you are running 10.2.8 with the issues it had and aren't experiencing them plus you didnt have the issues with the April certificates, going to 9 or waiting till they get 10 ready for primetime it is up to you. I personally am waiting for 10 to go to Preferred because some of the hic-ups have been addressed and also hope it will address the new November 2024 certificate issue too.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
