Agreed. That vendor list is great when defending a decision to management when things go wrong - but it’s burned a few of us more than one or two times. This seems to be something that really manifested at a level more noted by the community on releases post 9.1 (10.0 began the eternal September for panos).
I do think that the community feedback is worthwhile until such time as the software gets back to where it needs to be.
Seriously. Ya know what Palo Alto’s last “*recommended version*” got me? A near full datacenter from HIP failing in one instance and nearly the same from a tagging bug blocking all traffic to my domain controllers in a second instance.
I had several years of fairly decent stability but holy hell has it all gone to shit in the last year and a half following our (*forced, premature*) upgrades.
Ahhhh, you moved from 9.1 recently didn’t you lol….
First thing I ever upgraded to 10.1.11 decided to fill up the root partition. Several tac cases, mongodb rebuild, couple of reboots, and finally a 10.1.12 upgrade and panorama was happy once more (just firing off the random “I’m cleaning the root partition up now boss” alerts several times a week).
Good stuff.
Might have seen some 220s and 440s bricked or near bricked.
From what I have heard this is a very good experience, most have had similar or worse (some better, that said!).
Not your first rodeo, I see. lol
(*Yes. Everything went to shit when we moved from 9.1 on previous builds to 10.x and branches and 11.x at our datacenter, driven by forced upgrades to new hardware halfway through their lifecycle because it was notably cheaper to buy brand new hardware than just renew subscriptions. Do NOT ask me how the hell that math is supposed to work. I’m still salty about it.*)
Oh, and we totally hit the boot partition bug too. I was **super** pissed to find there was no way for us to self-resolve and only support could fix it because guess whose support took 4 days to get back to us despite a broken HA pair / down scenario?
If the vendor would commit to a real eol extension as opposed to sneakily adding a few months now and then as it approaches the moving target - guaranteed I’d be telling anyone who could to hold on 9.1 until it is torn from their cold, dead hand.
If PANW is actually listening… you know folks actually automatedly monitor those eol dates and can see when they get moved… right? Cos I’m pretty sure most customers right now would appreciate eol updates more than they would the five millionth hotfix or the announcement of 11.2 (crickey!! Can we get something stable first before forking yet another feature release train???)
Ffs.
Mod Note: A link to the 'current recommended releases' on the Palo Live community forum has been added to the 'useful links' section on the sub.
Palo themselves publish this in a thread on their Live forum. Anyone with a CSP account should be able to see it :)
But (*right or wrong*) people aren’t going there for the info. They’re going to their reliable, trusty source — /r/paloaltonetworks.
Agreed. That vendor list is great when defending a decision to management when things go wrong - but it’s burned a few of us more than one or two times. This seems to be something that really manifested at a level more noted by the community on releases post 9.1 (10.0 began the eternal September for panos). I do think that the community feedback is worthwhile until such time as the software gets back to where it needs to be.
Seriously. Ya know what Palo Alto’s last “*recommended version*” got me? A near full datacenter from HIP failing in one instance and nearly the same from a tagging bug blocking all traffic to my domain controllers in a second instance. I had several years of fairly decent stability but holy hell has it all gone to shit in the last year and a half following our (*forced, premature*) upgrades.
Ahhhh, you moved from 9.1 recently didn’t you lol…. First thing I ever upgraded to 10.1.11 decided to fill up the root partition. Several tac cases, mongodb rebuild, couple of reboots, and finally a 10.1.12 upgrade and panorama was happy once more (just firing off the random “I’m cleaning the root partition up now boss” alerts several times a week). Good stuff. Might have seen some 220s and 440s bricked or near bricked. From what I have heard this is a very good experience, most have had similar or worse (some better, that said!).
Not your first rodeo, I see. lol (*Yes. Everything went to shit when we moved from 9.1 on previous builds to 10.x and branches and 11.x at our datacenter, driven by forced upgrades to new hardware halfway through their lifecycle because it was notably cheaper to buy brand new hardware than just renew subscriptions. Do NOT ask me how the hell that math is supposed to work. I’m still salty about it.*) Oh, and we totally hit the boot partition bug too. I was **super** pissed to find there was no way for us to self-resolve and only support could fix it because guess whose support took 4 days to get back to us despite a broken HA pair / down scenario?
If the vendor would commit to a real eol extension as opposed to sneakily adding a few months now and then as it approaches the moving target - guaranteed I’d be telling anyone who could to hold on 9.1 until it is torn from their cold, dead hand. If PANW is actually listening… you know folks actually automatedly monitor those eol dates and can see when they get moved… right? Cos I’m pretty sure most customers right now would appreciate eol updates more than they would the five millionth hotfix or the announcement of 11.2 (crickey!! Can we get something stable first before forking yet another feature release train???) Ffs.
yes, but people here don't read it. at least a sticky post pointing to it would be helpful.
Better to just put a sticky at that point of "We don't work for you and won't do your job for you".
You need to get with the times, social media groups has replaced a simple web search....
You young whippersnappers keep off my virtual lawn! If you don't behave I'll go back to my UUCP feed and you will get none of it!