I am new to Palo Alto firewalls and I am hoping this is a quick, easy question for somebody who is more familiar with them. I would like to upgrade my PA500 to the latest firmware. It looks like the latest release is 4.1.8 (I am using 4.0.8). I have downloaded 4.1.8 to the firewall. Once I click install on 4.1.8, will that require a reboot of the firewall? I am assuming yes, as every other vendor's firewall I have worked with does require a reboot. How long should I expect the install/reboot to take? If it does require a reboot, is there a way I can schedule the firewall to install the update during non-production hours? Also, is there anything I need to know about updating from a 4.0 version to a 4.1? I can't find ANY of the details in the dozens of documents I have read. Any help on this would be appreciated. Thanks!
Yes, switching firmware will require a reboot.
In your case running 4.0.8 I think the recommended way of upgrading would be to first download and install (and reboot into) 4.1.0, and then do the same from 4.1.0 into 4.1.8 (or whatever 4.1 version you might want to use - 4.1.9 is the latest currently).
Or while you are at it, go straight to 5.0.x?
Thanks for your answer. One other related question. During the update/reboot process, will my HA or standby PA be updated as well or do I have to jump on it and update it separately? I am hoping it's part of the process. That would be pretty lame if it didn't do it automatically.
You will have to update the standby unit on its own for obvious reasons.
One way to limit the number of possible hiccups for current sessions is to start the update on the standby unit. Then perform a failover and update the other device (this way you only have one failover instead of two). However, I'm not sure what will happen to the session sync when switching major version.
You can directly upgrade to 4.1.9 (4.1.0 has to be downloaded, but there is no need to install 4.1.0).
Since this is a major release update, plan more time for the upgrade.
Depending on the size of your log database, we have seen upgrade times >30 min till the firewall is productive again.
A direct upgrade from 4.0.x to 5.0.x is not possible; you have to go through 4.1.x.
Please read the Release Notes before upgrading.
If you are going from 4.0.8 to 4.1.8, the main difference I can think of is if you are using SSL VPN NetConnect. It is not available in 4.1.x anymore. It will change the NetConnect to GlobalProtect automatically.
Also, if you are going from 4.0.8 to 4.1.8, the steps would be as follows:
Download and install 4.1.8.
And yes, after you install, the system will require a reboot.