I'm currently checking documentation and release notes etc about 7.1.X.
I have to learn how can I understand if a version is really stable/reliable?
Obviously testing and working on it it's a good way to learning about a specific release.. I know it's sounds like a stupid question but in my opinion is not.
Besides my first question, the main question is: Which is the most reliable panOS version out right now?
Thanks in advance,
I had a rough 4 weeks trying to run 7.1.7 and I uncovered two bugs that have been reported. I upgraded from 7.0.12 with no issues and then for 4 weeks spent most of my day dealing with high management plane CPU and useridd crashing repeatedly. Last Friday I was have devsvr crashing repeatedly and my internet was down most of the day. I finally gave up and rolled back to 7.0.13 with no issues. My original bug that was started with useridd is supposed to be fixed in 7.1.9. I'm going to stick with 7.0.x branch for the foreseeable future.
I have 5060 and 5050 firewalls.
I think that most people would agree that around all of the chassis 7.0.X is the most stable branch to be on currently. That being said on the 3020 chassis I've seen zero issues with how I run things on 7.1.8 and 7.1.9. One of the largest things to take into account is that something that may be a show stopper for yourself, I'm not even going to be utilzing. So everybody has different 'stable' releases since they don't always encounter the same bugs.
If you want proven stable across the board I would go with 7.0.13. If you want the feature set of 7.1 then go with 7.1.8 (I believe that is TACs recommended branch at this point, I could be wrong). If you want the feature set of 8.0...well wait until some of the bugs get worked out because I wouldn't recommend it at this point.
There are multiple correct answers.(see above previous posts)
It al depends on what you have en need:
Apart from that pan-os 8.0.0 is not recommended 🙂
But if you have a new model its the only choice.
@OtakarKlier You mean that for the latest HIGH only 7.1.8 is not vulnerable?
The dirty cow Kernel Vulnerability is rated high, but the attack surface is very very small.
You have to login the CLI then you have to escape the CLI to the shell (only possible for PA TAC)
After that you can use the exploit
While I agree obatining shell access is super difficult. I was looking at the other ones listed. For those of us that have to regularly scan our environments, these show up and need to have a remediation plan in place :(.
But as for a stable version, I would say contact TAC and your SE.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!