Software Release Guidance for Prisma SDWan Ion Devices

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Software Release Guidance for Prisma SDWan Ion Devices

L0 Member

To any of you using the Cloudgenix Ion devices, do you have any version upgrade recommendations or best practices?  Is anyone running 6.x successfully or are most staying with an older supported release like 5.6?

 

End-of-Life Summary - Palo Alto Networks

 

I had all our devices (Ion 3k,7k, 9ks) on 5.6.5-b15 which we didn't have too many problems with.  During a reason network maintenance window I opted to upgrade to 6.1.1-b10, which has been a disaster, getting tons of reports of dropped zoom/teams calls and just general network issues.  I'm debating if I should go back to 5.6.5-b16 and wait until 6.x is more stable or move to 6.2.1 in hopes that it alleviates my issue.

 

 

I have been trying to stick with versions that have more b revisions in the hopes of higher stability because they seem to update minor versions quickly and abandon them, but my recent experience with the 6.1.1-b10 branch makes me think this may not be the best strategy.

 

Anyone else have any thoughts on this?  I really wish they had a software release guidance thread similar to Pan-OS where support can chime in and tell us which versions are stable or recommended and which are more beta or experimental.  

 

 

 

 

6 REPLIES 6

L2 Linker

From recent experience shadowing another engineer on a project, stay on 5.6.  Avoid 6.2.1 for now for sure, 6.1.4 may be ok in some circumstances but probably wait for 6.1.5.  Issues encountered include software proc restarts and false positives with tunnel monitoring.  We are hoping for something better in 6.1.5 but are stuck with 6.1 on newer (ION3200, ION5200) boxes or we would probably be on 5.6 code.  We are told by TAC that 6.5 should be available beginning of October.

Douglas Elliott
Security Implementation Engineer
delliott@sayers.com

L1 Bithead

I have been a running a mix of 6.1.3-b1 and 6.1.2-b5 on my CG3000 ION's.   We were told that 6.1.3-b1 was the recommended support release in October.  We haven't had issues reported while running these releases from our branches.  Looking at my device list, we have had devices running 6.1.2-b5 since April 2023.

running 6.1.4-b2 on ION 5200s, ran into a new bug last week where AppID "enterprise-unknown" exists in traffic of the security policy causes failed LAN to LAN bi-directional communications.  Requires a custom app-ID to identify as other than enterprise-unknown. Discussed upgrading but are afraid of running into new bugs.  Thanks for you reply.

Douglas Elliott
Security Implementation Engineer
delliott@sayers.com

L1 Bithead

I reached out to support today since PA does not publish a recommended release.  They referred me to my account team.  The reply I received was 6.15b1 is the current recommended release for the 6.x version.  I upgraded our lab ION from 6.1.3-b1 and it was a quick upgrade.

L1 Bithead

We have been running 6.1.5-b1 at all of my sites for a month now and we haven't seen any major issues.  We are running 3000, 9000, and Azure ION's on this code.

L1 Bithead

Software release guidelines for Prisma SD-WAN IONs is now available:  https://live.paloaltonetworks.com/t5/community-blogs/faq-prisma-sd-wan-software-release-guidance/ba-...

  • 5561 Views
  • 6 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!