08-30-2016 12:25 AM
We are Planning to upgrade our firewall from 6.1.10 to 7.1.4 , has anyone faced any specific issue with 7.1.4 ?
Thanks in Advance.
08-30-2016 01:06 AM - edited 08-30-2016 01:09 AM
Hi,
l would go for 7.1.4-H2 as it has a hot fixes/issues that have been reported in 7.1.4.
Issues fixed in the 7.1.4:
99934 Fixed an issue where Panorama did not correctly verify Device group objects when pushing configurations with a large number of objects to firewalls, which caused commit failures with object validation errors.
99117 Fixed an issue where PA‐7080 firewalls failed to reach maximum session capacity.
97601 Fixed an issue on firewalls where dataplane CPU usage became excessive.
08-30-2016 05:21 AM
I'm just wondering why you have decided to go with 7.1.4 instead of a generally more reliable 7.0.*. Depending on what you are doing I would actually suggest sticking with 7.0.* instead of making a jump to 7.1.* just because it seems that nobody is really in consensus on what build of 7.1 is actually the most stable; which seeing as there are/were issues that were dependant on the platform.
08-31-2016 07:13 AM
There are considerable TLS supportability features in 7.1.X, commit enhancements, as well as major changes to "Dynamic Blocks Lists" that are now External Dynamic Lists. All things I want to encorporate into my company, but as you've pointed out, doesn't really seem stable yet and I'm not going to it.
Hopefully 7.1.5 will make the cut.
09-20-2016 11:27 PM
Thanks , 7.1.4-H2 running stable for you ?
09-21-2016 02:31 PM
Hello,
From what I have seen are more glitches than performance impacting bugs. I have not opened cases on any of hte issues I ahve seen as they are more annoyances rather than performance impacting.
Some of my reports no longer function correctly, they are blank.
We have 'Enable Web Alarm Notifications' enabled and now when youy acknoiwledge them, they dont go away automatcially, you have to click the 'Close' button.
User-id, while its pretty stable, we have seen it drop off a bit and we had to open a case on it. But it seems that its pretty good.
Over all I would say that its been working for us.
Regards,
09-23-2016 09:17 AM
And now looks like the user-id issues are cropping up for us...I have a case with tac...
09-28-2016 04:28 AM
Hi,
since we upgraded to 7.1.4 (we came from 6.0.4) we made good experiences. The reason why we upgraded was that the supported ciphers include DHE and ECDHE as well. But keep in mind the DHE and ECDHE algorithms are only supported for SSL Forward Proxy. Minor problems we noticed with custom reports.
09-28-2016 10:09 AM - edited 09-28-2016 10:09 AM
7.14-H2 is most stable version on 7.1.X train, but there are reports of dataplane crashes. ( We experienced issues with the mgmt -server crashing in 7.1.3). I'd say 7.0.7 is your most stable and trusted on the 7.0 train, 7.0.10 is an option, if you're feeling frisky since it hasn't been in the wild so long.
10-19-2016 02:20 AM
@OtakarKlier wrote:And now looks like the user-id issues are cropping up for us...I have a case with tac...
We are also having trouble with user-id also. Is there any update on this, i did not found anything related to this in the release notes, except for one topic on this forum about a change in the default timeout settings (https://live.paloaltonetworks.com/t5/General-Topics/XML-API-user-id-timeouts-is-there-a-configurable...)
10-19-2016 08:55 AM
So unfortunatly tech supprot didnt have a compelte answer as to why the system was randomly dropping a user here and there. While we dont have many user-id based policies, it becomes a pain when a p[articular user dose get dropped :(. We are letting 7.1.5 bake in the wild, once we feel comfortable with it, we'll go to it and see if we still have similar issues.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
