This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Upgrade to 5.x - the good, the bad, the ugly?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Upgrade to 5.x - the good, the bad, the ugly?

darren_g
L4 Transporter

‎03-18-2013 05:43 PM

OK, one for you guys who have upgraded to the 5.x stream.

Ignoring the steady furore over the UserID agent and CPU issues, what are the advantages/disadvantages of upgrading from 4.1.x to 5.0.x?

I have a single HA pair, no Panorama, no Wildfire subscription, using both IPSec and SSL/Global protect VPN's.

Anyone willing to comment?

Cheers

0 Likes Likes
5 REPLIES 5

nextgenhappines
L4 Transporter

‎03-18-2013 07:04 PM

These are the main drivers for us to upgrade to 5.x

1. the return to sender for policy based routing.

2. application dependency

Ernest

0 Likes Likes

rgraves
Not applicable

‎05-10-2013 07:11 PM

Major pain point for us: In 5.0.4, DHCP Relay, and possibly all UDP proxying, is broken for VLAN sub-interfaces (both L2 and L3). Worked around by running DHCP on the firewall itself, but since PAN-OS can't run a DHCP server on a L2 interface, I had to re-architect the network to change all L2 interfaces to L3. Support also suggested rolling back to 4.1 or 5.0.2, but wouldn't guarantee that it would work.

0 Likes Likes

mikand
L6 Presenter
In response to rgraves

‎05-10-2013 09:04 PM

As a sidenote, did this feature work in 5.0.3? And do you have a bugid available for this case?

0 Likes Likes

kbrazil
L4 Transporter
In response to rgraves

‎05-10-2013 11:03 PM

Regarding running DHCP server on an L3 interface vs. L2 interface, you might not need to completely change all L2 interfaces to L3.  You could instead just add one L3 interface (if you have any extra), configure DHCP server on it, and physically plug it in to your existing L2 network without affecting the current L2 config.  You may even be able to do this with an L3 VLAN logical interface connected to the L2 VLAN forwarding object depending on your configuration.

Cheers,

Kelly

0 Likes Likes

rgraves
Not applicable
In response to mikand

‎05-13-2013 07:23 PM

I upgraded directly from 4.1 to 5.0.4. (First tier) tech support said that level 2/3 tech support had seen the problem starting in 5.0.3, but did not volunteer a bugid.

@kbrazil: Yes, I could have saved myself the tedious and error-prone L2-to-L3 interface conversion in a couple different ways. But the original reason for going L2 had passed anyway.

0 Likes Likes
  • 3424 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks