Issue
When attempting to upgrade PAN-OS on managed devices with Panorama, in a non-Internet-connected environment, the user may observe the following symptoms:
- The Panorama-managed devices do not appear as upgrade targets in the GUI after selecting Panorama > Device Deployment > Software, selecting a download (or manually uploaded) and applicable PAN-OS version and then clicking Install.
- Although not visible in the GUI, per the steps above, the managed devices do appear listed as upgrade targets when the following upgrade command is issued in the Panorama CLI: request batch software install file [upgrade binary file name] devices ?
Note: The use of the “?” is part of the command, it prompts Panorama to list managed devices that are available upgrade targets.
The following conditions are present in the environment:
- Panorama has NO support license information for itself
- Panorama has NO support license information for its managed devices
- User is attempting to upgrade PAN-OS of managed devices via the GUI
- Attempting a refresh of either Panorama or managed devices’ support licenses by clicking the Panorama > Device Deployment > Licenses node, then clicking the Refresh button in the bottom of the main GUI window fails.
Workaround
In this circumstance, upgrading the managed devices must be accomplished through the CLI, as outlined above (replacing the “?” character with the target device’s ID/SN to the end of the command). Upon successful entry of the command, the CLI will report the job ID of that specific upgrade and monitor its status through the command:
> show jobs id [job id of upgrade]
To reboot the device after upgrade remotely with the CLI, issues the command:
> request batch reboot devices [ID/SN of target managed device to reboot]
admin@M-100> request batch software upload file PanOS_3000-7.1.5 devices 001801000000
Job enqueued with jobid 70591
70591
admin@M-100> show jobs id 70591
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2016/10/19 10:36:04 10:36:04 70591 DeployUpload FIN OK 100 %
001801000000 DeployFin OK
Warnings:
Details:
001801000000:
Image uploaded
admin@M-100> request batch software install file PanOS_3000-7.1.5 devices 001801000000
Executing this command will install a new version of system software. It will not take effect until system is restarted. Do you want to continue? (y or n)
Job enqueued with jobid 70592
70592
admin@M-100> show jobs id 70592
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2016/10/19 10:38:01 10:38:01 70592 DeployInstall FIN OK 100 %
7592 001801000000 DeployFin OK 10:41:11
Warnings:
Details:
001801000000:
Installation initiated
Software installation successfully completed. Please reboot to switch to the new version
admin@M-100> request batch reboot devices 001801000000
All devices rebooted
001801000000
myNGFW
Successfully rebooted
admin@M-100>