https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/auto-upgrade-best-practices/m-p/538838#M4138 <P>Hi, I recently created an Agent Settings auto-upgrade profile to test with in Cortex XDR.</P> <P>&nbsp;</P> <P>After creating the profile I created a new policy and then applied it to a small group of endpoints to start with. This worked as expected so I then ramped up to 50, 250 and finally 500 computers. Our environment has almost 16000 endpoints total.&nbsp;</P> <P>&nbsp;</P> <P>I'd like to know what Palo thinks is the best practice to now apply that policy to the entire environment.</P> <P>&nbsp;</P> <P>Is it best to replace our default policy with the one I created and then just delete/disable my "test" policy? I will also need to get creative with rolling out to our retail environment since that is the company's bread &amp; butter. <span class="lia-unicode-emoji" title=":winking_face:">😉</span>&nbsp;</P> <P>&nbsp;</P> <P>I appreciate your help.&nbsp;</P> <P>Thank you,</P> <P>Joe</P> Fri, 14 Apr 2023 22:15:29 GMT Joe_Carissimo 2023-04-14T22:15:29Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/auto-upgrade-best-practices/m-p/538838#M4138 <P>Hi, I recently created an Agent Settings auto-upgrade profile to test with in Cortex XDR.</P> <P>&nbsp;</P> <P>After creating the profile I created a new policy and then applied it to a small group of endpoints to start with. This worked as expected so I then ramped up to 50, 250 and finally 500 computers. Our environment has almost 16000 endpoints total.&nbsp;</P> <P>&nbsp;</P> <P>I'd like to know what Palo thinks is the best practice to now apply that policy to the entire environment.</P> <P>&nbsp;</P> <P>Is it best to replace our default policy with the one I created and then just delete/disable my "test" policy? I will also need to get creative with rolling out to our retail environment since that is the company's bread &amp; butter. <span class="lia-unicode-emoji" title=":winking_face:">😉</span>&nbsp;</P> <P>&nbsp;</P> <P>I appreciate your help.&nbsp;</P> <P>Thank you,</P> <P>Joe</P> Fri, 14 Apr 2023 22:15:29 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/auto-upgrade-best-practices/m-p/538838#M4138 Joe_Carissimo 2023-04-14T22:15:29Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/auto-upgrade-best-practices/m-p/538840#M4139 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/217597">@Joe_Carissimo</a>,</P> <P>&nbsp;</P> <P>Thank you for reaching out through LIVEcommunity!</P> <P>&nbsp;</P> <P>In reference to best practices for agent auto upgrade I think you're on the right track.&nbsp; We'd like all of our customers to be on the lastest available agent versions to ensure they're getting the most out of the agent and it's features.</P> <P>&nbsp;</P> <P>As far as best practices for your roll out that's entirely up to you and your organization.&nbsp; The most common issue i'm aware of is some customers reporting bandwidth issues when enabling agent auto upgrade.&nbsp; This is why there's a P2P feature that can be enabled.&nbsp; In this scenario overall bandwidth is decreased because the agents will begin reach out to other agents on the internal network before attempting to reach outside of the network for the new agent download package.&nbsp; If you haven't been having any of these issues I'd say continue to roll this out to the rest of your environment.&nbsp; To ensure you have the proper configuration for Download Source take a look at the image below.<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2023-04-14 at 5.25.02 PM.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49496iE6F866A0546EDC56/image-size/medium?v=v2&amp;px=400" role="button" title="Screen Shot 2023-04-14 at 5.25.02 PM.png" alt="Screen Shot 2023-04-14 at 5.25.02 PM.png" /></span></P> <P>&nbsp;</P> <P>As far as creating a new policy or using the existing policy I think that's just personal preference.&nbsp; I'd think it would be faster to edit the existing policy as it's already applied to the endpoints you want affected. Once that's done you could just delete the 'test policy'.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>I hope you find this information helpful.</P> <P>&nbsp;</P> <P>Have a great day!</P> Fri, 14 Apr 2023 22:28:07 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/auto-upgrade-best-practices/m-p/538840#M4139 anlynch 2023-04-14T22:28:07Z