SecureLink Technical Alert for Palo Alto Networks customers

Announcement about PAN-OS 4.1.5 release — UPDATE: V4.1.6 already available with fixes for both issues!!

Palo Alto Networks Customer Support has identified two issues with PAN-OS 4.1.5 release. The issues are noted below:

1. VPN tunnels between PAN-OS devices and Cisco ASA devices may not re-establish IPsec SA properly after  upgrade to 4.1.5. VPN tunnels between PAN-OS devices are not affected.

2. For PA-5000 series customers:

  • Traffic either from a VPN tunnel, traversing multiple virtual systems, or across a shared gateway in multi-vsys environments may experience traffic loss.
  • Non-TCP/UDP traffic may see reduced performance due to delay in aging or closing some sessions.

If you have either of the above environments, we do not recommend installing 4.1.5 release.  If you have these platforms/features enabled, we recommend 4.1.4 release at this time.  A fix will be available in an upcoming release.

In case you have questions, please don’t hesitate to contact SecureLink for additional
information.

Comments are now closed for this article.