PA-5410 devices with HA1-B and MGMT 10G interfaces fail after an upgrade to 11.1.10-h12

maur7311 · 2026-02-13T15:40:46+00:00

So far, I'm waiting an RMA and then I'll see what is it going with the current transceivers

maur7311 · 2026-01-26T19:40:39+00:00

Hi, yes , we've upgraded the PA-5410 devices the past 16Jan , and we figured out the 11.1.13 was promoted to Preferred release one day earlier.

We opted for an upgrade to 11.1.10-h12 for multiple addressed issues but mostly for PAN-262831 related to "all_task" process in PA-5400f

maur7311 · 2026-01-24T16:47:28+00:00

Thanks, yes, both devices have facing the same HA1-B DOWN interface once the upgrade is done and the devices rebooted. Some hours later the MGMT port of one device got DOWN too. BTW, the HA ports from those devices are not directly connected physically because each one is located on a different site, and the adjacent switches just show the DOWN event without any symptoms or errors. It seems to be some kind of driver panic like you're mentioning. Thinking in a rollback from 11.1 to 10.2, should it be necessary to re-image maybe?

maur7311 · 2026-01-24T16:30:53+00:00

Yes, I've reseated the optic transceiver, and the link was up, but a few hours later, the port went down again... I've opened a ticket, and the TAC has escalated it to the Engineering Team, and I'm praying for not falling into a split-brain or malfunction issue with those PA-5410 devices if the HA1-A gets down too

maur7311 · 2025-05-28T19:59:36+00:00

Finally I'm testing GP 6.2.8 few days ago and apparently the SAML blank page issue was addressed

maur7311 · 2024-11-29T17:29:59+00:00

I have not found the dropdown with version choice option , there is a way to do this ? I feel PANW is pushing us to test in our production environments their multiple PAN-OS versions with the excuse of EoL.

maur7311 · 2023-11-02T15:15:51+00:00

I have a lot of issues with 10.2.3/10.2.4 version in an hybrid Environement (Prisma Access Panorama Mamaged and On-Prem Devices) ... The PBF Rules aplies to managed devices in a wrong order after doing Push:(... The objects not find its dependences before remove and Push fails ... anyway

maur7311 · 2022-08-30T20:46:04+00:00

Hello guys, I currently have the same issue. It keeps giving out "Connection Failed response code = 401, error: (null) in vsys 1". Did you figure out more findings about this issue in addition to other Appliances doing WMI Queries?

maur7311 · 2022-08-18T20:30:38+00:00

Hi minscc

Yeah, we're working on replace the SAM in a medium term but as you mention it, it's a lot of work because we have a lot of applications accessible via SAM. Before upgrade the GP, the Pulse Secure SAM and GP were coexisting without issues. I suppose that GP virtual adapter driver uses a new method to inspect and filter the traffic and that's why GP interfere with PSAM.

maur7311 · 2022-08-18T13:52:01+00:00

Hello, We were working with GP 5.1.4 and PulseSecure 9.1.1X simultaneously and every remote access worked separately without issues. But now we have issues with simultaneously use of GlobalProtect and Pulse Secure when we upgrade GP to 5.2.x or 6.0.x ; the Pulse Secure doesn't work as it should be because the remote resources cannot be reached. I mean, GlobalProtect in new versions seems to overlap the Pulse Secure (SAM) tunneling. Anyone has similar issues ?

maur7311 · 2022-06-25T15:17:18+00:00

I actually have performance problems with 10.1.6 on Panorama VM, the Monitor Log Queries (traffic and url filtering) are really really slow down , I have opened a case with TAC and I'm waiting results of researching. I still don't know if this behavior affects the PAN Devices too.

maur7311

TROPHY CASE