04-24-2014 07:02 AM
04-24-2014 01:53 PM
It has been released today.
04-24-2014 10:28 PM
thanks Hulk, great !
04-25-2014 10:04 AM
Do You think that is a time to upgrade from 5.0.11 to 6.0.2?
Is all reported to community bugs fixed in 6.0.2?
04-25-2014 10:39 AM
Judging by the huge number of fixes in 6.0.2 we'll be waiting for a couple more revs of 6.0 before we move anything production that actually moves traffic to it...
See PAN-OS 6.0.2: Addressed Issues for what I mean... that's a boatload of issues
04-25-2014 11:11 AM
I have already made the upgrade to 6.0.2 on my customer FW.
It seems to work 🙂
04-27-2014 10:47 AM
I agree with ericgearhart, for the jump from 4 to 5 we waited until the 5.0.6 release. There does seem to be a much better QA process for regression testing and I do hear all the PA technical support contacts saying and doing the right things. So this time we may be ready to make the transition at 6.0.4.
But the listing of three ftp bugs fixed in the 6.0.2 release linked above demonstrates that regression testing is not quite where it needs to be for major code train releases just yet.
04-28-2014 12:28 AM
Take a look into date of released late 5.0.x versions. Early version started to lunch every months - now they need two months for versions. Maybe this will give us better product.
I switched to 6.0.2 this weekend, One issue was with FreeRadius. After I upgraded to 6.0.2 Captive Portal stopped authorising users. I had to restart radius process. Until now 6.0.2 seems to be a "good version".
I still have app-override for VoIP, maybe this week I will try to disable app-override and test my VoIP connections. Accrding to support engineer 6.x PAN should properly wor with VoIP (problems discussed Re: VoIP Traffic, strange behavior, need help to understand please.).
04-28-2014 01:18 AM
Has anyone upgraded a HA cluster to 6.0.2?
I've installed the upgrade on the passive node, and now I'm seeing "non-functional (Peer version not compatible)" on this firewall.
I've set "session tcp-reject-non-syn no" on both firewalls as suggested by the release notes, and I'm ready to suspend the active firewall, but I would like to know if this will cause traffic to stop when trying to fail over to this node.
04-28-2014 01:30 AM
upgrading between minor versions should cause the state table to still be synced between the nodes so traffic can keep flowing when you fail over. between major versions prior to 6.0 this was not possible hence the addition of setting tcp-reject-non-syn no to allow "broken" sessions to continue flowing as this setting removes the need for a proper tcp handshake to establish sessions.
a good check to run before failing over is "show high-availability state" and "show sessions all"
if your state table has been populated (in case of minor upgrade) you're good to go
in case of a major upgrade you'll want to take a little more care as the state table is not synchronized and there could potentially be drops if reject-tcp-non-syn has not been disabled
04-28-2014 02:50 AM
Yes I have upgraded a live cluster. This worked fine with no issues and packet loss.
05-09-2014 07:16 AM
I didn't see anything unusual with our 2050 ( about mng cpu ) .just to inform.
05-21-2014 12:12 AM
hi, you are right. the mgt cpu is ok. was just a peak...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!