What's your experience with 6.0.x?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What's your experience with 6.0.x?

L4 Transporter

We started configuring an HA pair of 5020's on 6.0.3.  We have yet to pass any traffic through it.  I would like to get feedback on real world Palo Alto firewalls that are running 6.0.x and how stable/unstable they are.

I did read one thread where a few customers are having HA issues but we have yet tp experience those issues.

Thank You

11 REPLIES 11

L6 Presenter

we upgraded many to 6.0.3 and 6.0.4

not any problems we had...They seem very stable for us.

L7 Applicator

PAN OS version 6.03 and 6.0.4, both are pretty stable:

For more info, please refer:

PAN-OS 6.0.3: Addressed Issues

PAN-OS 6.0.4: Addressed Issues

Thanks

L6 Presenter

Hi Jambulo,

If any customer had HA issue in 6.0.3, it doesn't mean you will experience the same.

Each bug triggers in specific environment, so you shouldn't worry about other peoples experience as long as TAC has recommended 6.0.3.

Regards,

Hardik Shah

Hardik,

While it is true that bugs are specific, those of us running HA and looking to upgrade to 6.0.3 would have more confidence if the specifics of the bug were available.  And I have had trouble getting those details on this issue.

How are we to know we won't be affected if the details of what causes the secondary to suspend are not available?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L4 Transporter

6.0.3 has been very stable on our PA-500 lab, and PA-5020 production HA pair.

L4 Transporter

I have over 30 devices running on 6.0.4 without any major issue.

The only issue I have had with 6.0.4 is the tagging issue. If you have a policy tagged and make changes to the policy, it will usually lose the tag. This is supposed to be fixed in 6.0.5.

No issues otherwise.

Hello,

If you are running OSPF (over an IPSec tunnel interface) and you want to move to 6.0.4, be careful !

In fact, the tunnel interface is moved into 'passive' state even if you disable the 'passive' flag state in the config...

Result: OSPF neighbors never exchange routing infos !!

Regards,

HA

We upgraded our Active/Passive cluster "PAN-3020" from 5.0.6 and 6.0.3

Without any problems, they are very stable for us.

For the tag issue there is a hotfix available: 6.0.4-h2

Do you have to call and explicitly request to the hotfix?

Yes. Hot Fix are not available in regular update. PANW will add serial number of the device to database in order to publish Hot Fix.

So, Call support to get it. And its not provided to all. Its provided if firewall is effected with it.

  • 6674 Views
  • 11 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!