This document describes the steps to manually import and install PAN-OS on a Palo Alto Networks device from the CLI.
Download the PAN-OS image from the Palo Alto Networks support portal (support.paloaltonetworks.com):
View the checksum by clicking on the Show MD5 link:
The checksum can be verified once downloaded using utilities, such as, md5sum (Linux) or WinMD5Free (Windows):
Example of md5 checking on linux: # md5sum PanOS_200-5.0.5 d52609c93335e5321b3069a757e28620 PanOS_200-5.0.5
Example of md5 checking on Windows using WinMD5Free:
Once software is staged on the appropriate server for import, run the following command via CLI: > scp import software from <value> Source (username@host:path)
Following example shows a sample path assuming hosted on a Windows SCP Server: > scp import software from firstname.lastname@example.org:c:/scp/PanOS_200-5.0.5 email@example.com's password: **** PanOS_200-5.0.5 99% 180MB 2.7MB/s 00:00 ETA PanOS_200-5.0.5 100% 181MB 2.4MB/s 01:15 PanOS_200-5.0.5 saved
Once uploaded, you can then initiate an install. Note: Software that is retrieved/downloaded directly from the update server (for example, imports with SCP/TFTP) will NOT populate the list of available/downloadable images.
> request system software install file <value> PanOS_200-5.0.5 2013/05/30 18:27:51 185051.1K <value> Upgrade to a software package by filename
Go to Device > Software and click Install From File. Then, manually scroll for the imported image in the drop-down menu.
Note: The step to import the PAN-OS image (Step 4 above) can also be performed with TFTP using the following command:
> tftp import software from <tftp host> file <Source path>
The following lines show a complete example:
> tftp import software from 10.10.10.10 file PanOS_200-5.0.5
mode set to octet
Connected to 10.10.10.10 (10.10.10.10), port 69
getting from 10.10.10.10:PanOS_200-5.0.5 to /tmp/cli.tmp.MX0Ilu [octet]
Received 189492288 bytes in 269.5 seconds [5624095 bit/s]
Step 5 for the PAN-OS install procedure still applies regardless of import method.
Note: Download the base image. Do not install at this time. Next download and install the minor release. Reboot device.