I currently manage a group of Palo Alto FW Devices (5220, 800, 3200 and 200 series) via a Panorama M-100 Series Appliance.
I would like to know if Panorama pushes automatically PAN OS SW Update (at the PAN OS - level only - not AV, AppID or Wildfire signatures) to the managed devices (after having them downloaded from the internet, hence assuming a working Internet connectivity) and, if this is the case, how this behaviour can be changed/configured.
I have searched through the Panorama Admin Guide for this specific topic, but couldn't find a clear answer. Any reference to technical documentation would also be appreciated.
Not automatically. You must download the specific versions you need to Panorama and then you can deploy en-mass from there. You can also do version jumps like 8.0.13 -> 8.1.7 if you pre-download the required intermediary (8.1.0). Do you need a screenshot?
You can find it in the Panorama interface here -
Panorama > Device Deployment > Software > Download/Install
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!