PANOS 6

IE is our default browser at work... With FF it works.... And the same issue we had with the release of PANOS 5... nothing learned..?!

RNC wrote:

PANORAMA 5.1 introduced 64-bit mode VMWARE machine. I believe - based on these forums - that it also improved the way that the log indexing worked, in that it replaced the genindex.sh route that is called every 15 minutes with a python script. At the moment 4.1 and 5.0 management plane slow down every time genindex.sh runs,

I hope you're correct on this one - the biggest complaint I have about 5.x is this slowdown when the genindex.sh process runs (every 5 minutes, not every 15) on the firewall.

I have graphs of the management CPU usage which show it going up and down, up and done, ad-infinitum every 5 minutes.

I'm not rushing out to install 6.0 (too much experience with the QA - or lack of it - on PA's .0 releases), but if 6.0.1 comes out I'll jump into it.

ericgearhart wrote:

You guys can go ahead and find the bugs... I'll be waiting about a year until PANOS 6.0.10 is out before we will move anything critical to 6.0

Or maybe we'll wait for 6.1.10... hmm. Decisions decisions.

Hithead I believe you found a bug in the WebUI already didn't you? Self fulfilling prophecy there, no? 🙂

I see I'm not the only one with a healthy scepticism about PA's .0 releases, Eric. 🙂

darren.g yep, this whole thread is basically "preaching to the choir" for me

I am an early adopter on new releases.  Granted we are running a single PA-500, but we are tapping it pretty hard.

It is important to point out that, as far as I can recall, we have yet to run into a "show stopping" bug.  Sure, we had some high management CPU, an occasional captive portal issue, etc.  but not once has the bug been significant enough to force us to roll back.

I would rather have some occasional funk with new releases than have to deal with the interface of a Watchguard or a Sonicwall.

Just my two cents,

Bob

BobW - give it time. Wait till you have two PAs in an HA pair bouncing back and forth with dataplane restarts, or specific VoIP traffic triggering dataplane restarts once an hour, or specific instances where the PA built in DHCP server doesn't work.

Or I'm completely wrong and PA ironed out all their QA issues and 6.0 will be a solid release out the gate. I'm waiting and seeing though.

Hithead - honestly I think the company presses forward with new features too quickly. It's the classic "engineering versus sales" argument... engineering wants things to slow down and stable off, sales wants new features that they can sell.

GlobalProtect hasn't even stabled off yet and they're adding a mobile device management solution integrated into the firewall for example.

I understand that features sell product, and sales drive profit, and if Palo Alto Networks isn't selling then they can quickly be bankrupt, but honestly I think they need to put the brakes on some. But what do I know, I'm basically just another engineer 🙂

I couldn't agree more. I have never been hit by so many bugs with any vendor than Palo Alto.

we had to downgrade in 3 places because of 6.0.x different bugs.Also there was no time for troubleshooting the bug.

could you please tell us the bugs?

Since 4.x code, we have been hit by multiple ssl decrypt failure bugs, 100% management CPU bug, etc. We currently have a ticket open for an NTLM authentication bug on 6.0 code as well as another ticket for high useridd CPU usage on 6.0. Both are with their development team at this time.

rbergen wrote:

100% management CPU bug, etc. 

Yeah, and PA's answer to that one is 'upgrade your hardware' if you're unfortunate enough to run a 2000 series.