About cmateam

Company ended up going with another vendor all together.  Have one more set to swap out - but washing we're washing our hands of Palo Alto. Sadly I can't recommend them to anyone. Based on their customer support (lack of) in trying to help resolve the issue. It seems like it's the bottom dollar, not the customer they care about. ... View more

Running PA-2020 with 6.0.6. And 6.0.2 on another set. ... View more

I'm also struggling to keep committed to PAN when standard support renewals, threat prevention, and URL filtering costs me just a little less than other FW products (with 3 year 24x7 support) that provide the same feature sets, faster hardware, etc. From a non-profit perspective it seems like a no-brainer to switch platforms. ... View more

thanks jperry1.  When will 6.1.3 be released?  I have a support case open at the moment - which was opened on Friday.  No action has been taken at this point. Its even stranger that we have two sets and experiencing the same issue on both. Wonder if people just assume they are slow and don't say anything, or are they truly not having problems.  ... View more

I agree...so interesting that you see similar issues on 5.0.11.  I am on 6.0.6 - they were saying 6.1.x potentially fix the issues. Hmmm guessing not.  5.x.x. seemed to be bearable and the occasional failure was ok, but moving forward it has been horrible. ... View more

Just got off the phone with a Sales Engineer and Sales Rep and he is going to look into the issue, but believes that the upgrade to 6.1 resolves these issues with poor commit times and failures at commits.  He is going to research that.  It would be helpful if they just communicated that, rather then trying to sell you something. I'll let you know what I find out. ... View more

@dieterb and all. I too received a call yesterday from a Palo Alto Networks Business Development representative and they were asking about my PA-2020 experience and I mentioned that particularly after upgrading to PAN OS 6 that commits failed somewhere between 60% to 75% of the time and it took about 15 to 20 minutes to actually commit things - which becomes really frustrating when you only need to commit one change. I was then offered by the rep (the customer care upgrade program  - there is nothing Customer Care about this!) this idea of being able to upgrade for new hardware (the PAN-3020) - they would give support and other license credit to move over to the new platform. It was also eluded to that PAN knew of some hardware defect/issue (whether it is a inferior management plain, RAM, or something else? I didn't get any other details.)  that caused these issues and wasn't going to be resolved with a simple OS patch. This lead to me explaining to them that they can't expect me to upgrade when we are only a little bit under halfway of the life cycle we expect from the devices. I work for a non-profit that doesn't have endless amounts of money to fix a issue that Palo Alto created (I spoke with our VAR and it will cost us $65k to $70k to upgrade 4 firewalls we have - that are only 2.5 years old). Needless to say I am quite frustrated and ready to cut my losses and buy firewalls that are 1/6th the cost of these things that have like and/or similar features. PAN is a leader in these new features, but they aren't the only ones doing it. So I am waiting to hear back from the VAR/PAN regional rep, and yet to hear from them about what are my options.  It's also interesting that my support renewal is coming up next month, so this might be the open door to jump ship. As @dieterb said, a remedy, or a upgrade for the customer with no cost to the customer would be the right approach from PAN, but they are more interested in making the customer pay for the inferior product they created and sold. Also to note: In the PAN-OS 6.0 document, I did not see anything about the PA-2000 or 4000 series not being supported. This seems that either they didn't test their OS out well enough, or knew there was issues, but allowed people to install anyway. Seems a little fishy to me. ... View more

I've not pursued this any further as requirements for the project has changed. I spoke more with Cisco Meraki, as it seem there configuration options are less feature rich as the PAN's, and is somewhat confusing, so I've not resolved this.  Sorry. ... View more

You are correct. I just installed the license and its wanting me to activate - which can't be done until the appliance is in a suspend state.  Thanks! ... View more

Thanks! We just purchased the license and will hopefully implementing it this weekend. So this explains why I don't see that option.   All this is helpful - it sounds like going the PAN-DB route is good for our situation. Thanks all! ... View more

Thanks - So I'm a little confused.  Is the BrightCloud only use for the trail license, and then when you actually buy its a PAN-DB license for content filtering? I don't see any options under the Trail license to select the Database Download location. This is what I see. This was in reference to your link: How to Install and Activate PAN-DB for URL Filtering ... View more

I had similar issue, but I also had upgraded to 6.0.2 at the same time.  I was using AD DC produced user certificates as a part of the client verification to connect to the VPN.  I found disabling the need for the auth on the certs off, and it fixed the problem you described.  I haven't had time to open a ticket to see what broke. This affected both OS X and Win 8/7 clients. ... View more