All - maybe I am just jumping on it to early. I cannot see to find any place to download it from. I can see the update for 5.2.x. Thoughts - do I just need to wait till tomorrow?
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
EDIT: 5.1.x hasn’t been updated since March 2021. It has been end of engineering for a while. You need to look at moving to 5.2.x.
Yep you might as well make the jump to 5.2.8 I am in the process of doing the same thing right now due to the new vulnerabilities.
Question to anyone…we are new to Palo…what is the user experience when you activate a newer version on the firewall?
Are they forced to upgrade or just given the offer to? And I assume it doesn’t impact current sessions on older versions but just when they go to connect?
So Palo Alto support released a high vulnerability - https://security.paloaltonetworks.com/CVE-2021-3057 and state that 5.1.9 and 5.2.8 are to be migrated to to avoid the vulnerability.
This depends on the settings you have within the VPN gateway/portal for the device. You can set it to forced, manual, or give user and option. I had users running 5.1.3( a while ago) that could still use it while upgrading to 5.1.5.
Therefore based of your settings for the agent, so it may not forced but sometimes weird behavior can start to weed out the unusual (aka non standardized) setups.
Interesting. I’m thinking that’s an error on their part. I’d be pretty surprised if they released 5.1.9 but you never know.
It’s slated to be released in November and the only reason to ever run the 5.1 train is for windows 7.
Thank you /u/tessiok for that information. That just makes it more apparent to push for the 5.2.8, not wanting to wait for an exploit to be known.
Makes sense. Thanks.
5.1.9 has been released
Thank you /u/jacobt777!
I have decided to go with 5.2.8 and move up the code versions.