Recommended Pan-OS version

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Recommended Pan-OS version

L2 Linker

I have a 5220 that I am using as core L3 segmentation router for my 500 user environment. Currently running 9.1.3 Pan-OS and  What version of PAN-OS is recommended for this scenario. Is it generally advised to install the latest version posted on device-software check? 

 

2 accepted solutions

Accepted Solutions

L7 Applicator

As @S.Cantwell already wrote for recommended versions check the article about release guidance. The direct link is this one: https://live.paloaltonetworks.com/t5/Customer-Resources/Support-PAN-OS-Software-Release-Guidance/ta-...

 

Just some little things I need to add:

  • If you use tls decryption with certificate revocation checking, make sure you upgrade to PAN-OS 9.1.10 and not 9.1.8/9 as there is a bug with this feature that could crash the decryption process
  • If you do not really, really need any of the new features of PAN-OS 10.1, then do not upgrade. This release is new and might(/probably) contains bugs that you do not want to have on a production firewall. Wait until there is a minor release that will be marked as a preferred one.

View solution in original post

Hi @dkordyban 

(The following is not an official answer from paloalto, this is only my opinion based on a few years of experience with pan-os)

I recommend to stay with PAN-OS 9.1 until 10.0.8 is available. This is simply a general recommendation by me because in the past every time when I updated prior to x.y.8 we had ugly issues. These issues weren't always critical and also not always on all hardware, but I wait at least until x.y.8 until I upgrade to the new majorversion.

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

The link to the recommended TAC release is 

 

https://live.paloaltonetworks.com/t5/blogs/discussion-feature-recommended-pan-os-versions/ba-p/31229...

 

You can always keep closer to the later version; so if you are running 9.1.3, you can comfortably be at 9.1.8 or 1.9.

 

Depending on newly added feature requirements, upgrading to the 10.0 or the 10.1 is something that you can do.

Please help out other users and “Accept as Solution” if a post helps solve your problem !

L7 Applicator

As @S.Cantwell already wrote for recommended versions check the article about release guidance. The direct link is this one: https://live.paloaltonetworks.com/t5/Customer-Resources/Support-PAN-OS-Software-Release-Guidance/ta-...

 

Just some little things I need to add:

  • If you use tls decryption with certificate revocation checking, make sure you upgrade to PAN-OS 9.1.10 and not 9.1.8/9 as there is a bug with this feature that could crash the decryption process
  • If you do not really, really need any of the new features of PAN-OS 10.1, then do not upgrade. This release is new and might(/probably) contains bugs that you do not want to have on a production firewall. Wait until there is a minor release that will be marked as a preferred one.

Thank you. Makes sense to not upgrade to 10.1. What are your thoughts on upgrading to 10.0.6?

Hi @dkordyban 

(The following is not an official answer from paloalto, this is only my opinion based on a few years of experience with pan-os)

I recommend to stay with PAN-OS 9.1 until 10.0.8 is available. This is simply a general recommendation by me because in the past every time when I updated prior to x.y.8 we had ugly issues. These issues weren't always critical and also not always on all hardware, but I wait at least until x.y.8 until I upgrade to the new majorversion.

  • 2 accepted solutions
  • 13908 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!