Due to recent changes in the PAN-OS 7.1 software release, it is important to note that for existing FIPS-enabled devices to complete the upgrade, you will need to follow the below steps.
IMPORTANT! This process will remove the existing configuration from your device, so it is mandatory to export a backup of the configuration off of the system before proceeding.
Backups saved locally on the device will be removed when making the below changes. For HA configurations, it is advised to export the configuration from both members individually.
Before attempting to upgrade, complete the following steps in order.
Step 1. Create a backup of your configuration and confirm it is valid on the remote system you have exported to before proceeding.
The following article explains the necessary procedure to export the running configuration via SCP.
Step 2. Enter Maintenance mode. If the device is currently booted, you can enter this mode with this command:
>debug system maintenance-mode
Step 3. Enable CCEAL4 Mode.
From Maintenance mode, select the option 'Set CCEAL4 Mode'
The following guide provides step-by-step instructions and images for this:
This will reboot the device and reset the IP address to 192.168.1.1 with the default credentials.
After completing all the steps, (1-3 above), you can proceed with re-importing your running configuraiton and continue upgrading to the 7.1.x software release.