This is Paul Castro from ITstrap Mexico, i would like to know if there are a KB or documents to know wich are the recommended Operating System to install in different model devices.
PAN 200 install 4.1.6 PAN version "recommended"
PAN 500 install 4.1.4 PAN version "recoomended"
Paul, I don't know if they have that listed. I can tell you that we are running 4.1.5 and 4.1.6 in our environment of PA500/PA2020/PA2050s and I haven't encountered any problems. The only thing I do is I don't get in a big hurry to update to the latest version because every now and then they release a version that has a serious bug. For example, the release of the 4.0.0 code was so buggy that they pulled it and released 4.0.1 a few weeks later.
You also have to watch the Dynamic Updates because I had one that i installed that fouled up FTP access and they had to issue an emergency release to address it.
I know that doesn't really answer your question, but ultimately Palo Alto will probably "recommend" that you update to the latest release in a particular software train.
There are like two schools when it comes to which version to use.
One is to not use the latest because "you dont know which bugs this will contain", which is somewhat true... which comes to the second opinion - use the latest version so you dont have any known bugs in your production.
I prefer the second method - use the latest version to avoid known bugs (which the latest version have fixed). Hopefully the releaseversions have been tested against some sort of QA at PaloAlto before released in public (compared to beta releases which one might expect be more buggy than final releases).
But as a disclaimer - avoid the first releases of a new major version (at least in production unless the major version fixes some bug you spotted in earlier versions).
For example avoid 4.1.0 and 4.1.1 (perhaps use them in your lab if you got any) but as soon as 4.1.2 is out I would install it and then install the latest from that branch as soon as its released (and as soon as possible due to maintenance windows etc).
Another tricky part is how to handle the URLdb and APP/THREATdb releases - in my opinion since they are about spotting bad code in your environment you should put both to "download-and-install". Yes there is a risk of false-positives but at the same time I would prefer a false-positive over a missed malware (due to slow updates of the db's at my end) in my production environment.
7.1.17 and 7.1.18 are currently recommended
if you intend to upgrade, 8.0.9 and 8.0.10 are currently also recommended
As mentioned above: at this time 7.1.17 and 7.1.18 are recommended, 7.1.19 is not yet 'old enough' to be recommended
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!