Under general functionality, its not used/needed when they are already deployed, if you are referring to the following.
There is very little reason to boot a firewall into maintenance mode. Some examples would be performing a factory reset, setting FIPS, CCEAL4, performing a disk check, disk image changes, content rollbacks, and stuff like that. I would say easily that 95% if not more of Palo Alto customers should never have to boot into maintenance mode.
I have a ticket open because my upgrade to 7.1.14 from 7.1.13 failed and according to the system logs and TAC it is due to a autocommit failure. It was their recommendation to go into maintenance mode and attempt the upgrade again. Since I can't really understand most of what the TAC tech says or writes I am confused.
If everything fails ... before going into maint mode and performing a factory reset I would suggest trying to revert back to the previous version using the 'debug swm revert' CLI.
Good luck !
I was able to revert back to the previous version through the GUI with no issue and maintenance mode was the recommendation of TAC, not sure why. But I was thinking about attempting the upgrade again in hopes of collecting additional information. TAC said when I reverted back to the pervious version it wiped out the logs, but for some reason it did do anything to the system logs. So this command debug swm revert' CLI. besides reverting back to the previous version does it get me additional information? FYI I have two PA's in and HA pair. The PA I am trying to upgrade is the passive firewall
Not sure why TAC would tell you to update through maintenance mode, that seems rather odd to me as long as you were able to revert to a working configuration. In past experiance autocommit issues have always been solved by a rollback and then repeating the process, usually I simply restart the box in question before I attempt the upgrade again just so I know it's got a 'clean' baseline. I've never heard of anyone recommending an upgrade through maintenance mode for anything.
To be clear, I think what TAC is telling you to do would likely work perfectly fine. I just don't think it's actually necessary and you can get yourself in a little bit of a pickle in maintenance mode if you aren't being careful.
debug swm anything gives you slightly more information than would previously be available. The revert command however will revert the configuration to the last successfully loaded version, I believe that it enables a little bit of extra debugging on the software manager during the process. You may want to run the command 'debug swm history' and verify exactly what the failure reason was. If it was trully just an autocommit issue I would recommend simply attempting the upgrade again after restarting the box; generally that's cleared things up for me in the past.
this was the process I followed
1. Downloaded and upgraded the passive PA to 7.1.13 to 7.1.14
2. Rebooted, when it came back up the status light was yellow the interfaces were all greyed out and it kept saying autocommit failed.
3.Gave it 15 or 20 minutes to see if it would come back on its own
4. Rebooted the firewall
5. When it came back up the status light was yellow the interfaces were all greyed out and it kept saying autocommit failed.
6. Reinstalled 7.1.13 and rebooted. Everything came back fine
7. Upgraded the passive PA to 7.1.13 to 7.1.14
8. Rebooted, when it came back up the status light was yellow the interfaces were all greyed out and it kept saying
9. Reinstalled 7.1.13 and rebooted. Everything came back fine
10. Tried to collect all the information and logs to open a ticket with TAC
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!