Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-05-2016 06:25 AM
I upgraded our lab palo to 7.1.0 last night. Has anyone else upgraded anything in their enviornment yet? I don't plan on doing anything in our production enviornment until at least 7.1.1 or 7.1.2.
Not really having much time yet I don't have much to say other than I'm looking forward greater awareness from things like the SaaS reports as well as the extra 10 or 12 cipher suites that are supported in 7.1.0 over prior versions.
Gotta say though I'm not digging the new look/feel of the GUI. The sharp lines/edges make the view feel "old."
04-05-2016 07:07 AM
Question for the "Palo" people on the site:
EBLs, formerly Dynamic Block Lists, now being able to use URLs; Can/How (can) we use EBLs with URLs in a URL Profile?
04-05-2016 10:57 AM
Gotta say though I'm not digging the new look/feel of the GUI. The sharp lines/edges make the view feel "old."
It grows on you. It took me a week or two to get used to it (during beta), but now I prefer the new style... and that's after 4yrs+ of experience with the previous GUI design. Hopefully you experience the same.
04-05-2016 10:59 AM - edited 04-05-2016 11:48 AM
Upgraded my lab. Running the final for 2 days now.
Finally the ECDHE ciphers for the SSL proxy are there, and they work!
Only inbound ssl decyption with ECDHE ciphers don't work for me.
For now i am satisfied.
04-05-2016 11:38 AM
Looking to upgrade to take advantage of the new ciphers, but will probably wait until 7.1.2 or 7.1.3. We got bit with the SSL memory leak in 7 and I need to make sure things are stable. Right now EHDCE ciphers are killing us as we do overrides weekly. Much needed feature.
04-05-2016 11:42 AM - edited 04-05-2016 11:43 AM
yeah no way I'm risking my neck putting it in prod yet. There are A LOT of "known issues" for 7.1.0. I'll wait for that list to be pared down.
04-05-2016 12:38 PM
I'm eager to update, but feel the same way. Wait until 7.1.1 or later. There are a few things I really like:
* Commit Queues (commits take forever on our PA-500)
* GP for chrome
* Unified logs
* External Dynamic Lists
* PFS for SSL
We're not affected by any of the known issues. How safe do you think it would be to update now, versus waiting? We have a HA pair, so I could always upgrade one of them, and turn Off HA and see how things run.
04-05-2016 01:24 PM
Personally I wouldn't do it.
But you can review the "known issues." See if any surround anything you'd be implementing in your enviornment. If there isn't anything there theoretically you might be "safe." Even then I'd talk to your SE and get their take. Then I'd tell management that you're upgrading to this new software but there could be a potential that things could go horribly wrong. Give them your thought on how you'd fix it quickly.
If after all that management is comfortable and you're comfortable...Go for it.
Personally I'd just wait the 6 more weeks for at least 7.1.1 to come out.
04-05-2016 01:26 PM
@brucegarlock Commits are great in 5060s. hahaha
04-05-2016 01:29 PM
Brandon_Wertz I am jealous 🙂
I've started looking at my back-out plan, but you are right - I should just wait a bit and be patient. 🙂
04-05-2016 08:26 PM
Trust me I'm feeling froggy with all the extra features 7.1 has, but I prefer to keep my job. So I sit and wait...waiting to play with the shinies...Begging for me to bring them out to play.
04-06-2016 08:11 PM
I'll be upgrading my panorama to 7.1, but holding off on the firewalls until later, like 7.1.2 unless I need the feature sooner.
04-07-2016 06:31 AM
I had a chance to play with it in beta, but not quite as much as I would have liked too.
I installed it on a lab PA-200 yesterday from a perfectly working version of 7.0.6.
I am having some decrypt issues with websites again. Sites such as Google Earth, Bing maps, banking websites, etc. are spinning and spinning in Chrome, IE, and Edge eventually come up, but continue to spin. Search boxes where you would expect to see auto-populated data (say Bing maps) don't work. Disabling the decrypt SSL rul instantly resolves the issue.
I'll probably open a ticket with Palo Alto again for investigation. It always seems to boil down to features that I feel we need the most as engineers not working correctly.
Matt
04-07-2016 04:30 PM
@Brandon_Wertz, about EBL/EDL, I have created the following to show how to use the EBL in a URL filtering policy here:
I hope this answers this question.
04-07-2016 06:28 PM
Exactly what I was looking for thanks @jdelio
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
