PANOS 4.1.0 has a major FLAW

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PANOS 4.1.0 has a major FLAW

L0 Member

where do should I get support  to fix a critical ad major issue with PA 5050 running 4.1.0.

When issuing  "commit" command the unit drop connenctions and teh arp tables get corrupted for about 30 minutes.

As far as PaloAlto Support the issues is major and was discovered two weeks ago when troubleshooting with CB but the fix won't be available for anotehr 6 weeks.

I think that is not fair and someone need to Tell Nir Zuk we need fast response because one of teh reason I dropped Checkpoint 8 years ago was because of lack of response to customer and the turn around on fixing bugs.

1 accepted solution

Accepted Solutions

Just wanted to say we're now running 4.1.4, with some PA Support provided workarounds (thanks JW).

Full Active/Active at two sites, ospf and commit problems gone too.

4.1.7 is sleighted to have all the workarounds included or fixed.

View solution in original post

11 REPLIES 11

L4 Transporter

Hello,

Thank you for sharing this information. we're mass-deploying 4.1 and our 5050 pair is next.

L4 Transporter

Have you asked if there is a hotfix?

Not applicable

If anyone will find firewall vendor which cares about its customers, please let me know :smileylaugh:

L2 Linker

Hi,  I'm very sorry that you are experiencing issues with 4.1.  Can you message me with your support case number so that I can research this and assist you in getting resolution?

Best Regards,

Marc

L2 Linker

Thanks for the heads up.  Was going to upgrade a pair of PA 2020s and begin deployment of PA 5050s using 4.1.  The PA 2020 upgrade will wait.

The PA 5050 deployment will be on hold.

L1 Bithead

Thanks for the info.  Palo Alto Support people, if you have such a critical bug you should pull the update.  Having a major issue like this is going to cause everyone major issues when it can be avoided.  I will delay our rollout as well.

We're running 4.1.0 on an active/active pa5050 pair.

I have shut down one pa5050 due to asymetric routing issues that are  my fault

( addressed in a PA OSPF tech note -  https://live.paloaltonetworks.com/docs/DOC-1939 ). Lots of non-syn-tcp streams.

I sometimes see commit problems with my ospf routers (Cisco, Avaya) connected to the PA's, mostly when I make Device -> Interface changes. They were especially annoying when both PA's were active. Panorama policy pushes don't seem to cause these hiccups.

I'm intending to upgrade to 4.1.1, hopefully tomorrow morning.

According to this doc: https://live.paloaltonetworks.com/docs/DOC-1982 4.1.1 may not have the fix :smileygrin:

Has this been resolved yet?

I am on single unit of PA-5060 using PAN OS 4.1.2 for 20 hours seem to be all right with 5,000 users.

Let's see how it will be when 1,000 more users came back from vacation on next week.

Thanks to PAN Support Team who finally solve a lot of issues.

(^_^)

Songkrant

Just wanted to say we're now running 4.1.4, with some PA Support provided workarounds (thanks JW).

Full Active/Active at two sites, ospf and commit problems gone too.

4.1.7 is sleighted to have all the workarounds included or fixed.

  • 1 accepted solution
  • 5516 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!