Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PAN-OS 8.1.3 in production environment?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN-OS 8.1.3 in production environment?

L3 Networker
Anyone running 8.1.3 in prod? I have a change window to upgrade this weekend from 8.0.3 to 8.1.x as we wish to make use of the split tunnel by URL feature in GP, but reddit has filled me with some horror stories
7 REPLIES 7

L5 Sessionator

Hey @welly_59

 

No 8.1 release has been cleared as recommended by TAC, so if you can forgo the split tunnel feature for a little while longer I would not recommend upgrading as of yet.

 

Likely the next 8.1 release looking to be "recommended" will be PAN-OS 8.1.4.

 

Cheers,

Luke.

L6 Presenter

I would highly advise against putting 8.1 into production.  You'll likely run into more problems than the benefit you'll get from the GP/split-tunneling piece.


@LukeBullimore wrote:

Hey @welly_59

 

No 8.1 release has been cleared as recommended by TAC, so if you can forgo the split tunnel feature for a little while longer I would not recommend upgrading as of yet.

 

Likely the next 8.1 release looking to be "recommended" will be PAN-OS 8.1.4.

 

Cheers,

Luke.


I'm not even sure 8.1.4 is going to be a "recommended" it'll be better than 8.1.3 < for sure, but from what I'm hearing you'll want to be on at least 8.1.5 before deploying 8.1 in your production environments.  

 

We've got a 3220 HA pair that we broke.  Hit a bug that was supposedly fixed in 8.1.3 (that's going to be "refixed in 8.1.4) and also hit a separate bug that's planned to be fixed in 8.1.5.

Wow really that bad? I’m guessing my current 8.0.3 build is buggy as well?

Is there an eta on 8.1.4?

If I can give a timescale then I can probably push back to management, and just update to last 8.0.x release while I wait for TAC to advise.

The issue we have is that some users in Sweden need split tunnel by URL as some finance apps are blocked by geo-location. Our devices are in the UK


@welly_59 wrote:
Wow really that bad? I’m guessing my current 8.0.3 build is buggy as well?

Is there an eta on 8.1.4?

If I can give a timescale then I can probably push back to management, and just update to last 8.0.x release while I wait for TAC to advise.

The issue we have is that some users in Sweden need split tunnel by URL as some finance apps are blocked by geo-location. Our devices are in the UK

huh? 8.0.3?  I hope you're not running 8.0.3...What platform?  

 

if you're running 8.0 code your best best, and current TAC recommended, is to run 8.0.12.  At a minimum you should be running  8.0.8.

 

The 8.1.4 release got pushed back a week.  it was supposed to be this week, but again I'd wait until at least 8.1.5

 

8.1.5 should be about 6 weeks after 8.1.4 is pushed out.

Yes 8.0.3 on a pair of 850s in HA.

I’ve only been responsible for these devices the last few months, and they haven’t been updated for a while.

Any well known bugs in 8.0.3 I could have been hitting?

Hello,

They are up to code release 8.0.13 so you might want to read the release notes as there were a lot of fixes and vulnerabilities patches since 8.0.3.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes

 

Regards,

  • 3356 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!