PAN-OS 8.1.3 in production environment?

Reply
Highlighted
L3 Networker

PAN-OS 8.1.3 in production environment?

Anyone running 8.1.3 in prod? I have a change window to upgrade this weekend from 8.0.3 to 8.1.x as we wish to make use of the split tunnel by URL feature in GP, but reddit has filled me with some horror stories
Highlighted
L5 Sessionator

Hey @welly_59

 

No 8.1 release has been cleared as recommended by TAC, so if you can forgo the split tunnel feature for a little while longer I would not recommend upgrading as of yet.

 

Likely the next 8.1 release looking to be "recommended" will be PAN-OS 8.1.4.

 

Cheers,

Luke.

Highlighted
Cyber Elite

I would highly advise against putting 8.1 into production.  You'll likely run into more problems than the benefit you'll get from the GP/split-tunneling piece.

Highlighted
Cyber Elite


@LukeBullimore wrote:

Hey @welly_59

 

No 8.1 release has been cleared as recommended by TAC, so if you can forgo the split tunnel feature for a little while longer I would not recommend upgrading as of yet.

 

Likely the next 8.1 release looking to be "recommended" will be PAN-OS 8.1.4.

 

Cheers,

Luke.


I'm not even sure 8.1.4 is going to be a "recommended" it'll be better than 8.1.3 < for sure, but from what I'm hearing you'll want to be on at least 8.1.5 before deploying 8.1 in your production environments.  

 

We've got a 3220 HA pair that we broke.  Hit a bug that was supposedly fixed in 8.1.3 (that's going to be "refixed in 8.1.4) and also hit a separate bug that's planned to be fixed in 8.1.5.

Highlighted
L3 Networker

Wow really that bad? I’m guessing my current 8.0.3 build is buggy as well?

Is there an eta on 8.1.4?

If I can give a timescale then I can probably push back to management, and just update to last 8.0.x release while I wait for TAC to advise.

The issue we have is that some users in Sweden need split tunnel by URL as some finance apps are blocked by geo-location. Our devices are in the UK
Highlighted
Cyber Elite


@welly_59 wrote:
Wow really that bad? I’m guessing my current 8.0.3 build is buggy as well?

Is there an eta on 8.1.4?

If I can give a timescale then I can probably push back to management, and just update to last 8.0.x release while I wait for TAC to advise.

The issue we have is that some users in Sweden need split tunnel by URL as some finance apps are blocked by geo-location. Our devices are in the UK

huh? 8.0.3?  I hope you're not running 8.0.3...What platform?  

 

if you're running 8.0 code your best best, and current TAC recommended, is to run 8.0.12.  At a minimum you should be running  8.0.8.

 

The 8.1.4 release got pushed back a week.  it was supposed to be this week, but again I'd wait until at least 8.1.5

 

8.1.5 should be about 6 weeks after 8.1.4 is pushed out.

Highlighted
L3 Networker

Yes 8.0.3 on a pair of 850s in HA.

I’ve only been responsible for these devices the last few months, and they haven’t been updated for a while.

Any well known bugs in 8.0.3 I could have been hitting?
Highlighted
Cyber Elite

Hello,

They are up to code release 8.0.13 so you might want to read the release notes as there were a lot of fixes and vulnerabilities patches since 8.0.3.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!