Just recently upgraded to 3.1.8
Like others here, wondering the REAL advantages of upgrading to 4.0.2
I don't want to run into the issues missed by QA in version 4.0.1 that I have seen here
would like everyone's feedback
Those who have upgraded for a specific feature set
Thos who haven't or have reverted back to 3.1X release due to issues
I've upgraded ours to 4.0.2 and the only issue I've had so far is that when you do a commit or a similar function at the end of the ajax call rather then success often you get an AJAX error. At which point if you close that window and click anywhere in the web GUI you get booted back to login.
If you login again you'll then see that you have two sessions open. The old broken one and a new one.
After upgrading to 4.0.2 we experienced the following issues:
- AJAX error after Cimmit on WebGUI
- Commit would clear all Captive Portal sessions (user to IP mappings)
- Errors during Commit due to issues in URL profiles. It was comming up with: profiles -> url-filtering -> "URL PROFILE NAME HERE" -> alert ‘military’ is already in use”
'milirary' URL profile was initially set to aler in that profile. After chainging alert to allow, it jumpped to another URL profile and complained about this category. After chaining this particular category to allow in each single URL profile it jumpped to another category'malware sites'. I gave up at this point and went back to 3.1.x
I'd be interested in any feedback on the major benefits in going from 3.x to 4.x as well.
Frankly I think Palo Alto have scored a bit of an own goal in bringing out a major OS release but doing a pretty poor job of actually telling their customers a) the benefits of upgrading and b) on what basis they should upgrade.
Let me clarify that a little. Right now, I have a box running 3.1.8. As far as I'm aware there is no document anywhere that says "If you have a PA-500 the current recommended release of PAN-OS is xxx" so it's left for me to "somehow" figure out which version of PAN-OS I should be running. So far as 4.x, the feedback and vibe I get from here is very non-committal and to me it almost comes across as if 4.x is still some sort of beta and isn't actually recommended for production unless you really need something it offers that 3.x doesn't have.
If you are like me and jumped on the 50xx series you don't have a choice since there was no relase <4.0.x. I would make sure you test the packet capture filters for your 4.0.x deployment if that is something that is of importance to you and your troubleshooting ability. I know in the 50xx series it doesn't work and I am pretty sure support confirmed that it was a bug in the 40xx series as well. For some reason getting a packet capture on a box seeing 500+ megs of throughput itsn't really viable when you can't filter it
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!