Reason to upgrade to 4.0.2 ? ! ?

mthomasson · ‎04-17-2011

Just recently upgraded to 3.1.8

Like others here, wondering the REAL advantages of upgrading to 4.0.2

I don't want to run into the issues missed by QA in version 4.0.1 that I have seen here

management console not working via https
Qos issues
IPSEC Tunnels not working

would like everyone's feedback

Those who have upgraded for a specific feature set

Thos who haven't or have reverted back to 3.1X release due to issues

kkolk · ‎04-21-2011

I was in Windows 7 w/ Firefox 4.0.

So the issue shows up in more then one browser.

That said I did several commits today and didn't get the error once.

slawek.kunach · ‎05-14-2011

After upgrading to 4.0.2 we experienced the following issues:

- AJAX error after Cimmit on WebGUI

- Commit would clear all Captive Portal sessions (user to IP mappings)

- Errors during Commit due to issues in URL profiles. It was comming up with: profiles -> url-filtering -> "URL PROFILE NAME HERE" -> alert ‘military’ is already in use”

'milirary' URL profile was initially set to aler in that profile. After chainging alert to allow, it jumpped to another URL profile and complained about this category. After chaining this particular category to allow in each single URL profile it jumpped to another category'malware sites'. I gave up at this point and went back to 3.1.x

muratahk · ‎05-15-2011

I am not sure if it is related as I am using 4.0.2. I installed Client Cerfification Profile, but revoked certificate was treated as valid and allowing to login. OSCP responder is working.

networkadmin · ‎05-18-2011

I'd be interested in any feedback on the major benefits in going from 3.x to 4.x as well.

Frankly I think Palo Alto have scored a bit of an own goal in bringing out a major OS release but doing a pretty poor job of actually telling their customers a) the benefits of upgrading and b) on what basis they should upgrade.

Let me clarify that a little. Right now, I have a box running 3.1.8. As far as I'm aware there is no document anywhere that says "If you have a PA-500 the current recommended release of PAN-OS is xxx" so it's left for me to "somehow" figure out which version of PAN-OS I should be running. So far as 4.x, the feedback and vibe I get from here is very non-committal and to me it almost comes across as if 4.x is still some sort of beta and isn't actually recommended for production unless you really need something it offers that 3.x doesn't have.

migration · ‎05-23-2011

If you are like me and jumped on the 50xx series you don't have a choice since there was no relase <4.0.x. I would make sure you test the packet capture filters for your 4.0.x deployment if that is something that is of importance to you and your troubleshooting ability. I know in the 50xx series it doesn't work and I am pretty sure support confirmed that it was a bug in the 40xx series as well. For some reason getting a packet capture on a box seeing 500+ megs of throughput itsn't really viable when you can't filter it

Reason to upgrade to 4.0.2 ? ! ?

Reason to upgrade to 4.0.2 ? ! ?

Show your appreciation!