@BPryActually, that's the reason I found most compelling. I too wish I had access to the official TAC published list, and YMMV with your own assigned PANW SE. However my track record has been pretty good - the SE assigned to my companies has known our environment fairly well. Not well enough to know server names/IPs, etc., but which general features we're using and what our configuration we used to deploy our PANW Firewalls...they've had that fairly well, and sometimes that affects whether or not a version can be recommended. Usually that amounts to "TAC says Version X is recommended, but there's some cautions about the PA-5000 series using TS-Agents" or something like that. But it could go/has gone the other way: "TAC hasn't officially flagged version Y as recommended, but this has a bug fix in it that affects you and is otherwise fairly mature in the line - it just hasn't been out long enough to be recommended by TAC. But I think you'd be safe and possibly better off considering moving to that version." To be sure, I wish it was cut & dry/black & white - "just use TAC-approved version X". I wish I could at least see that so I know when TAC changes their official opinion.
... View more