I'd like to address some of the issues without addressing all of the individual issues. There are two reasons to upgrade to a new major release: 1) New features that have been added. 2) Fixes that will not be back-ported to the previous release. Depending on the code changes, not all fixes can be back-ported. For a description of the new features offered in a major release, please refer to the release notes and consult the Admin Guide for more detailed information. The best place to find what is fixed in a maintenance release is in the release notes. 4.0.2 is proving to be a very stable release with no significant stability issues. In regards to mthomasson’s specific questions on https to the management interface, QOS and IPSEC: "HTTPS not working on the management interface after the upgrade”. The workaround for this issue is to enable http on the Management interface before the upgrade. Then after the upgrade attempt to log into the WebUI using HTTPS. We do have a known issue with some certificates. If after the upgrade the web UI does not come up, log into the PAN using HTTP. Then, Go to Device Tab -> Certificates and open the certificate used for the web UI. The Usage column will be labeled "Certificate for Secure Web GUI". Deselect the check box for "Certificate for Secure Web GUI". This will cause the PAN to use the default certificate included with the web UI. I believe the QOS problem mthomasson is referring to might be from the following Knowledgepoint entry: https://live.paloaltonetworks.com/message/5782 This entry mentions that Support told the user to turn off QOS until 4.0.2 was available. This specific issue is caused by QOS profiles that include "any" in the source and destination zone fields, this is an issue that exists in 3.1.X and can also affect IPSEC. Customers can work around this issue by specifiying the source and destination zones in the QOS policies instead of using "any". I am verifying that both the certificate issue and the QOS policy issue are fixed in 4.0.3 and will confirm tomorrow.
... View more