Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-10-2011 09:52 AM
Since upgrading to 4.0.1 - in the Security Policy - under Source User - if I try and change the user type it ignores what I've chosen (eg Known User to Unknown User) and default to "Any" - then won't allow me to change it at all!!! Has anyone else experienced this?
Also as other people have stated - the GUI seems much slower and creating things looks to be taking longer. I've got my PAs in the testlab - I'm tempted to downgrade to 3.1.7 create my large policy then upgrade to 4.0.1 (once the above issue is sorted!!).
03-10-2011 02:05 PM
Yes, I noticed a couple of interface issues in PANOS 4.0.1, though I can't recall the specifics now. I couldn't specify the email notification setting in one instance. It seemed to be nothing more than a GUI issue.
After an afternoon of playing with 4.0.1 I found enough "bugs" that we decided to go back to 3.1.7 for now.
03-10-2011 03:03 PM
I just tested your steps: changing src user from any ==> known, click OK, known ==> unknown, click OK, unknown ==> specific AD user and the value changed correctly after each OK click.
I am using FireFox 3.6.14. Have you tried clearing your browser's cache, and/or test with another browser?
As for the GUI being slower, you may want to check the mgmt CPU in the Dashboard (both mgmt & dataplane CPUs are viewable now). After upgrading to 4.0.x, the mgmt CPU may be high for several hours initially while it finish the upgrade process. This high CPU may contribute to the slowness you're seeing.
03-12-2011 09:37 AM
ksemenov wrote:
After an afternoon of playing with 4.0.1 I found enough "bugs" that we decided to go back to 3.1.7 for now.
Can you expand a little please?
We're on 3.1.7 now and I was debating whether to go to 3.1.8 or just jump to 4.0.1 - can't say that 4.0.1 brings anything to the table that for us is like "We must have that", but equally I don't see too much in the way of solid guidance from Palo Alto of when to use a given version of PAN OS the same as Juniper do.
03-12-2011 01:25 PM
networkadmin wrote:
ksemenov wrote:
After an afternoon of playing with 4.0.1 I found enough "bugs" that we decided to go back to 3.1.7 for now.
Can you expand a little please?
We're on 3.1.7 now and I was debating whether to go to 3.1.8 or just jump to 4.0.1 - can't say that 4.0.1 brings anything to the table that for us is like "We must have that", but equally I don't see too much in the way of solid guidance from Palo Alto of when to use a given version of PAN OS the same as Juniper do.
It was a combination of factors, really.
We actually really like a lot of 4.0 offers, not the least of which are some of the GUI enhancements (especially in the policy edit view, such as hiding the menu, better support for editing / viewing object, drag'n'drop, etc.) as well as the ability to share more of the configuration aspects from Panorama (e.g. Authentication Profiles) than was previously possible. 4.0 is definitely a move in the right direction.
So we upgraded our entire pre-production environment (Panorama + several HA f/w instances) just to see how it looks. Unfortunately, we didn't get a good enough feeling to stay with it. There were a few basic interface bugs (such as reporting the disk space incorrectly - I already posted about this) as well a problem specifying an email recipient for alert notification. Combined with the fact that the original release was pulled almost immediately and re-released, it didn't inspire confidence in the level of QA that PAN put into the 4.0 release.
These factors multiplied by the amount of new functionality introduced in 4.0 led us to conclude that it would not be prudent for us to put it into production yet. Perhaps we were unfair or hasty in our assessment, but we can't gamble with the stability of our environment and had to make a decision fairly quickly.
We are going to look at 3.1.8 for now and hope that PAN works out the bugs from 4.0 in short order.
Hope this helps.
03-14-2011 07:06 PM
I was having the same problem changing the service. I select application default and click OK but in the policy GUI the service changes to none. When I add a new rule I select service application default but the GUI shows any for the service. When I commited the policy it fails with the details device: Missing service value. That was using IE7, I tried from another machine also with IE7 and it worked.
03-26-2011 01:34 PM
I have similar experience with IE...make change to service/application ... click ok... and still came back with none...
I don't have this problem in Firefox.
04-01-2011 08:17 AM
Thanks for your postings. We have had similar cases opened with Support and a bug is open - slated to be fixed in the next releases due out towards the end of April. https://live.paloaltonetworks.com/docs/DOC-1791
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
