PAN Version recommended


Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Not applicable

PAN Version recommended


This is Paul Castro from ITstrap Mexico, i would like to know if there are a KB or documents to know wich are the recommended Operating System to install in different model devices.

For example:

PAN 200 install 4.1.6 PAN version "recommended"

PAN 500 install 4.1.4 PAN version "recoomended"

Thank you.

Paul Castro

Not applicable

Paul, I don't know if they have that listed.  I can tell you that we are running 4.1.5 and 4.1.6 in our environment of PA500/PA2020/PA2050s and I haven't encountered any problems.  The only thing I do is I don't get in a big hurry to update to the latest version because every now and then they release a version that has a serious bug.  For example, the release of the 4.0.0 code was so buggy that they pulled it and released 4.0.1 a few weeks later.

You also have to watch the Dynamic Updates because I had one that i installed that fouled up FTP access and they had to issue an emergency release to address it.

I know that doesn't really answer your question, but ultimately Palo Alto will probably "recommend" that you update to the latest release in a particular software train.

John Witte

L6 Presenter

There are like two schools when it comes to which version to use.

One is to not use the latest because "you dont know which bugs this will contain", which is somewhat true... which comes to the second opinion - use the latest version so you dont have any known bugs in your production.

I prefer the second method - use the latest version to avoid known bugs (which the latest version have fixed). Hopefully the releaseversions have been tested against some sort of QA at PaloAlto before released in public (compared to beta releases which one might expect be more buggy than final releases).

But as a disclaimer - avoid the first releases of a new major version (at least in production unless the major version fixes some bug you spotted in earlier versions).

For example avoid 4.1.0 and 4.1.1 (perhaps use them in your lab if you got any) but as soon as 4.1.2 is out I would install it and then install the latest from that branch as soon as its released (and as soon as possible due to maintenance windows etc).

Another tricky part is how to handle the URLdb and APP/THREATdb releases - in my opinion since they are about spotting bad code in your environment you should put both to "download-and-install". Yes there is a risk of false-positives but at the same time I would prefer a false-positive over a missed malware (due to slow updates of the db's at my end) in my production environment.

L1 Bithead



Please suugest the latest supported code for PA500. I am using 7.1.3 version now.





L7 Applicator

7.1.17 and 7.1.18 are currently recommended

if you intend to upgrade, 8.0.9 and 8.0.10 are currently also recommended

Tom Piens -
Like my answer? check out my book!
L1 Bithead

Thanks for the suggestion.


L0 Member

PAN-OS 7.1.19 is also out, does anyone know the recommended status for this version please

L7 Applicator

hi @TambaMansaMusa


As mentioned above: at this time 7.1.17 and 7.1.18 are recommended, 7.1.19 is not yet 'old enough' to be recommended

Tom Piens -
Like my answer? check out my book!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!