PAN-OS 5.0.12 vs PAN-OS 6.0.2

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-OS 5.0.12 vs PAN-OS 6.0.2

L0 Member

Hello All,

  I wanted to ask the community and the support engineers about the recommendation for PAN-OS for a new installation.

Given PAN-OS 6.0.2 came out about a month ago, can anybody comment on the stability of this version?   Anybody upgraded

to it, but had to revert back?

Thanks,

- Andrew.

7 REPLIES 7

L7 Applicator

Hello Apetrov,

PAN OS 6.0.2- This release is doing very well and this is the most widely used 6.0 release for PANOS.

PAN OS 5.0.12- This is a stable release.

Thanks

L7 Applicator

See a general discussion on the PAN OS 6 upgrades here.

Re: PANOS 6.0.2 release date

In general, I would stick with PAN OS 5.0.12 unless there is a compelling new feature in PAN OS 6 you would want to implement at the site.  We waited till 5.0.6 to move up from PAN OS 4.  The transition to PAN OS 6 does seem better, but there were still significant issues with basic protocols like ftp and RADIUS.  We will probably upgrade earlier in the release train with PAN OS 6 but I personally am not ready yet.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Hi Steven

Could You share info about radius issue? I'm on 6.0.2 and CP with radius authentication is working properly for me.

Also what kinf of FTP problem are?

Regards

Slawek

The reported issues with RADIUS had to do with special accented letters failing in user names after the upgrade from 5 to 6.

FTP had at least three reported issues with the upgrade.

All are listed as fixed in the 6.0.2 release notes.

Browse the resolved issues section of the release notes and you get a sense for the scope of the issues.  The list is better compared to the 5 launch, but not yet where it should be.  Everyone I've talked to in PA is working hard to improve regression testing and get these types of flaws down with each new release and much progress has been made.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L4 Transporter

So as usually the best option is use only ASCII characters in login name, it keeps troubles away from You everytime You have to integrate few systems together Smiley Wink

I know that 6.0.2. fixed some FTP issues, I thought of you know of any new.

L0 Member

I use to keep my firewall's PANOS up-to-date, after studying the release notes, I moved to 6.0.0 then 6.0.1 then 6.0.2, I believe all are stable I didn't see any abnormal behavior. since I moved from 5.0.10 to 6.0.x. except for the user agent identification. I'm facing a critical alert message, I didn't know does it related to PANOS upgrade or not.

L3 Networker

Upgrading from 5.0.8 to 6.0.2 was an adventure for us; we have upgraded the Panorama, then the 5020s and 3020s, but once the upgrade was done, we started encountering an issue where the devices in Panorama Device Group showed as Out of Sync; committing the configuration would fail to all of them with an error regarding two custom applications we created and spyware identification option, which would classify the applications as invalid. We moved to 6.0.3 as there seemed to be a fix (issue 63608); however, even after upgrading to 6.0.3, we had to remove the two custom applications from the Application Override and security policies on each individual device (HA peers would not sync the configs neither), then delete the custom applications from Panorama, then successfully commit the changes to the device group.

When we thought we were done with the issues, we are now trying to solve one on the 5020s, where the secondary device becomes the Active one, and the primary is not the passive but it displays this error:

HA peer.JPG 

We are not reverting back to 5.0 because there were features that we really looked forward to having (netflow stats, AGG interfaces monitored in SolarWinds), but trying to solve this one issue (so far).

  • 3207 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!