03-18-2013 05:43 PM
OK, one for you guys who have upgraded to the 5.x stream.
Ignoring the steady furore over the UserID agent and CPU issues, what are the advantages/disadvantages of upgrading from 4.1.x to 5.0.x?
I have a single HA pair, no Panorama, no WildFire subscription, using both IPsec and SSL/GlobalProtect VPNs.
Anyone willing to comment?
03-18-2013 07:04 PM
These are the main drivers for us to upgrade to 5.x:
1. The return to sender for policy-based routing.
2. Application dependency.
05-10-2013 07:11 PM
Major pain point for us: In 5.0.4, DHCP Relay, and possibly all UDP proxying, is broken for VLAN sub-interfaces (both L2 and L3). Worked around by running DHCP on the firewall itself, but since PAN-OS can't run a DHCP server on an L2 interface, I had to re-architect the network to change all L2 interfaces to L3. Support also suggested rolling back to 4.1 or 5.0.2, but wouldn't guarantee that it would work.
05-10-2013 09:04 PM
As a side note, did this feature work in 5.0.3? And do you have a bug ID available for this case?
05-10-2013 11:03 PM
Regarding running DHCP server on an L3 interface vs. L2 interface, you might not need to completely change all L2 interfaces to L3. You could instead just add one L3 interface (if you have any extra), configure DHCP server on it, and physically plug it in to your existing L2 network without affecting the current L2 config. You may even be able to do this with an L3 VLAN logical interface connected to the L2 VLAN forwarding object depending on your configuration.