topic software update question in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/software-update-question/m-p/595643#M3616 <P>When updating Palo firewalls, why the need to update through each base version as well as a preferred maintenance version?</P> <P>e.g. if going from version 8.1.x, to 10.1.x,&nbsp; why 9.0 &gt;&nbsp; 9.0.x &gt; 9.1 &gt; 9.1 &gt; 10.0 etc.</P> <P>&nbsp;</P> <P>IF each baseline version release e.g. 9.0, 9.1, 10.0 is a full release of the software then what is to stop upgrading to 9.0 &gt; 10.0 &gt; 10.1 skipping the interim preferred maintenance releases?</P> <P>&nbsp;</P> <P>The only obvious 2x explanations that I can come up with are :</P> <UL> <LI>the baseline releases for 9.0, 10.0 etc are not in fact full versions of the firewall software and must have a dependency on previous versions.</LI> <LI>The preferred maintenance versions are ONLY required if upgrading a firewall with an existing configuration, so that each version update can rewrite each policy rule in line with internal database changes etc. thus not corrupting the configuration if theoretically jumping from 8.1.x to 10.1.0 for example.</LI> </UL> <P>Does anyone have any internal level of technical understanding which can confirm if I can get away with upgrading from 8.1.x to 10.1.0 without interim versions, on an otherwise factory reset firewall with no customised configuration in place?</P> <P>&nbsp;</P> <P>Always curious!</P> <P>&nbsp;</P> Thu, 22 Aug 2024 15:41:57 GMT Dustynet 2024-08-22T15:41:57Z software update question https://live.paloaltonetworks.com/t5/next-generation-firewall/software-update-question/m-p/595643#M3616 <P>When updating Palo firewalls, why the need to update through each base version as well as a preferred maintenance version?</P> <P>e.g. if going from version 8.1.x, to 10.1.x,&nbsp; why 9.0 &gt;&nbsp; 9.0.x &gt; 9.1 &gt; 9.1 &gt; 10.0 etc.</P> <P>&nbsp;</P> <P>IF each baseline version release e.g. 9.0, 9.1, 10.0 is a full release of the software then what is to stop upgrading to 9.0 &gt; 10.0 &gt; 10.1 skipping the interim preferred maintenance releases?</P> <P>&nbsp;</P> <P>The only obvious 2x explanations that I can come up with are :</P> <UL> <LI>the baseline releases for 9.0, 10.0 etc are not in fact full versions of the firewall software and must have a dependency on previous versions.</LI> <LI>The preferred maintenance versions are ONLY required if upgrading a firewall with an existing configuration, so that each version update can rewrite each policy rule in line with internal database changes etc. thus not corrupting the configuration if theoretically jumping from 8.1.x to 10.1.0 for example.</LI> </UL> <P>Does anyone have any internal level of technical understanding which can confirm if I can get away with upgrading from 8.1.x to 10.1.0 without interim versions, on an otherwise factory reset firewall with no customised configuration in place?</P> <P>&nbsp;</P> <P>Always curious!</P> <P>&nbsp;</P> Thu, 22 Aug 2024 15:41:57 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/software-update-question/m-p/595643#M3616 Dustynet 2024-08-22T15:41:57Z Re: software update question https://live.paloaltonetworks.com/t5/next-generation-firewall/software-update-question/m-p/596007#M3642 <P>it is perfectly possible to perform these upgrades using only the base versions</P> <P>that said, it is recommended to also download the latest maintenance release to protect you from running into any bugs while you're upgrading</P> <P>&nbsp;</P> <P>so you can do&nbsp;</P> <P>8.1.x &gt; 9.0.0 &gt; 9.1.0 &gt; 10.0.0 &gt; 10.1.0 (starting from 10.1 you can actually skip intermediate versions so you could do 10.1 &gt; 11.1)</P> <P>but if you run into a bug, you may need to get TAC involved and your upgrade grinds to a halt</P> <P>&nbsp;</P> <P>hence the recommendation to</P> <P>&nbsp;</P> <P>from 8.1.x</P> <P>download 9.0.0 and 9.0.17-h5, install and reboot 9.0.17-h5</P> <P>download 9.1.0 and 9.1.18, install and reboot 9.1.18</P> <P>download 10.0.0 and 10.0.12, install and reboot 10.0.12</P> <P>download 10.1.0 and 10.1.13-h1, install and reboot 10.1.13-h1</P> <P>&nbsp;</P> <P>if you're feeling lucky and there's no config on the firewall, feel free to go for the base images only</P> <P>&nbsp;</P> <P>hope this helps</P> Mon, 26 Aug 2024 23:29:31 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/software-update-question/m-p/596007#M3642 reaper 2024-08-26T23:29:31Z