This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PAN-OS 5.0.12 vs PAN-OS 6.0.2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN-OS 5.0.12 vs PAN-OS 6.0.2

apetrov
L0 Member

‎05-28-2014 05:39 PM

Hello All,

  I wanted to ask the community and the support engineers about the recommendation for PAN-OS for a new installation.

Given PAN-OS 6.0.2 came out about a month ago, can anybody comment on the stability of this version?   Anybody upgraded

to it, but had to revert back?

Thanks,

- Andrew.

Labels:
0 Likes Likes
7 REPLIES 7

HULK
L7 Applicator

‎05-28-2014 05:48 PM

Hello Apetrov,

PAN OS 6.0.2- This release is doing very well and this is the most widely used 6.0 release for PANOS.

PAN OS 5.0.12- This is a stable release.

Thanks

0 Likes Likes

pulukas
L7 Applicator

‎06-01-2014 08:57 AM

See a general discussion on the PAN OS 6 upgrades here.

Re: PANOS 6.0.2 release date

In general, I would stick with PAN OS 5.0.12 unless there is a compelling new feature in PAN OS 6 you would want to implement at the site.  We waited till 5.0.6 to move up from PAN OS 4.  The transition to PAN OS 6 does seem better, but there were still significant issues with basic protocols like ftp and RADIUS.  We will probably upgrade earlier in the release train with PAN OS 6 but I personally am not ready yet.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

_slv_
L4 Transporter
In response to pulukas

‎06-02-2014 02:04 AM

Hi Steven

Could You share info about radius issue? I'm on 6.0.2 and CP with radius authentication is working properly for me.

Also what kinf of FTP problem are?

Regards

Slawek

0 Likes Likes

pulukas
L7 Applicator
In response to _slv_

‎06-02-2014 02:26 PM

The reported issues with RADIUS had to do with special accented letters failing in user names after the upgrade from 5 to 6.

FTP had at least three reported issues with the upgrade.

All are listed as fixed in the 6.0.2 release notes.

Browse the resolved issues section of the release notes and you get a sense for the scope of the issues.  The list is better compared to the 5 launch, but not yet where it should be.  Everyone I've talked to in PA is working hard to improve regression testing and get these types of flaws down with each new release and much progress has been made.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

_slv_
L4 Transporter

‎06-02-2014 11:17 PM

So as usually the best option is use only ASCII characters in login name, it keeps troubles away from You everytime You have to integrate few systems together Smiley Wink

I know that 6.0.2. fixed some FTP issues, I thought of you know of any new.

0 Likes Likes

msedeeb
L0 Member

‎06-03-2014 01:04 AM

I use to keep my firewall's PANOS up-to-date, after studying the release notes, I moved to 6.0.0 then 6.0.1 then 6.0.2, I believe all are stable I didn't see any abnormal behavior. since I moved from 5.0.10 to 6.0.x. except for the user agent identification. I'm facing a critical alert message, I didn't know does it related to PANOS upgrade or not.

0 Likes Likes

MMCiobanu
L3 Networker

‎06-16-2014 08:49 AM

Upgrading from 5.0.8 to 6.0.2 was an adventure for us; we have upgraded the Panorama, then the 5020s and 3020s, but once the upgrade was done, we started encountering an issue where the devices in Panorama Device Group showed as Out of Sync; committing the configuration would fail to all of them with an error regarding two custom applications we created and spyware identification option, which would classify the applications as invalid. We moved to 6.0.3 as there seemed to be a fix (issue 63608); however, even after upgrading to 6.0.3, we had to remove the two custom applications from the Application Override and security policies on each individual device (HA peers would not sync the configs neither), then delete the custom applications from Panorama, then successfully commit the changes to the device group.

When we thought we were done with the issues, we are now trying to solve one on the 5020s, where the secondary device becomes the Active one, and the primary is not the passive but it displays this error:

HA peer.JPG 

We are not reverting back to 5.0 because there were features that we really looked forward to having (netflow stats, AGG interfaces monitored in SolarWinds), but trying to solve this one issue (so far).

0 Likes Likes
  • 3581 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks