PANOS 6

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PANOS 6

L4 Transporter

Hello,

I guess we've missed the release event of PANOS 6. Sadly we have no overview about the new features and so on...

Do you have some information to share?

28 REPLIES 28

I have to admit I have installed 6.0 on a couple of lab devices myself, so I can't say I'm not helping finding the bugs.

Hithead - why in the world are you using IE though? Is this some draconian thing at your work? Chrome or Firefox for PA all the way man... Smiley Happy

IE is our default browser at work... With FF it works.... And the same issue we had with the release of PANOS 5... nothing learned..?!

RNC wrote:

PANORAMA 5.1 introduced 64-bit mode VMWARE machine. I believe - based on these forums - that it also improved the way that the log indexing worked, in that it replaced the genindex.sh route that is called every 15 minutes with a python script. At the moment 4.1 and 5.0 management plane slow down every time genindex.sh runs,

I hope you're correct on this one - the biggest complaint I have about 5.x is this slowdown when the genindex.sh process runs (every 5 minutes, not every 15) on the firewall.

I have graphs of the management CPU usage which show it going up and down, up and done, ad-infinitum every 5 minutes.

I'm not rushing out to install 6.0 (too much experience with the QA - or lack of it - on PA's .0 releases), but if 6.0.1 comes out I'll jump into it.

ericgearhart wrote:

You guys can go ahead and find the bugs... I'll be waiting about a year until PANOS 6.0.10 is out before we will move anything critical to 6.0

Or maybe we'll wait for 6.1.10... hmm. Decisions decisions.

Hithead I believe you found a bug in the WebUI already didn't you? Self fulfilling prophecy there, no? 🙂

I see I'm not the only one with a healthy scepticism about PA's .0 releases, Eric. 🙂

darren.g yep, this whole thread is basically "preaching to the choir" for me

I am an early adopter on new releases.  Granted we are running a single PA-500, but we are tapping it pretty hard.

It is important to point out that, as far as I can recall, we have yet to run into a "show stopping" bug.  Sure, we had some high management CPU, an occasional captive portal issue, etc.  but not once has the bug been significant enough to force us to roll back.

I would rather have some occasional funk with new releases than have to deal with the interface of a Watchguard or a Sonicwall.

Just my two cents,

Bob

BobW - give it time. Wait till you have two PAs in an HA pair bouncing back and forth with dataplane restarts, or specific VoIP traffic triggering dataplane restarts once an hour, or specific instances where the PA built in DHCP server doesn't work.

Or I'm completely wrong and PA ironed out all their QA issues and 6.0 will be a solid release out the gate. I'm waiting and seeing though.

L4 Transporter

I don't want to insult PaloAlto but I cannot understand why they have so many problems with software releases. I have no idea how they develop and test their software but my suggestion is: Do it right the first time. To get and be market leader as firewall producer is it not a good way to release bug infected versions...

Also the way to create a ticket, get support and waiting for the bug fix takes me to long time... More then 1-2 months.

Hithead - honestly I think the company presses forward with new features too quickly. It's the classic "engineering versus sales" argument... engineering wants things to slow down and stable off, sales wants new features that they can sell.

GlobalProtect hasn't even stabled off yet and they're adding a mobile device management solution integrated into the firewall for example.

I understand that features sell product, and sales drive profit, and if Palo Alto Networks isn't selling then they can quickly be bankrupt, but honestly I think they need to put the brakes on some. But what do I know, I'm basically just another engineer 🙂

I couldn't agree more. I have never been hit by so many bugs with any vendor than Palo Alto.

we had to downgrade in 3 places because of 6.0.x different bugs.Also there was no time for troubleshooting the bug.

could you please tell us the bugs?

Since 4.x code, we have been hit by multiple ssl decrypt failure bugs, 100% management CPU bug, etc. We currently have a ticket open for an NTLM authentication bug on 6.0 code as well as another ticket for high useridd CPU usage on 6.0. Both are with their development team at this time.

rbergen wrote:

100% management CPU bug, etc.

Yeah, and PA's answer to that one is 'upgrade your hardware' if you're unfortunate enough to run a 2000 series.

  • 10374 Views
  • 28 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!