Title pretty much says it all but we're wanting to move to 8.0.6 since it is a Palo Alto support recommended version. We're currently running 7.1.4 I believe with both of our active/active firewalls. Panorama is already on the 8.0.x track.
My normal update procedure is to apply the update to one firewall, let it reboot and come back online and start passing traffic and then do the same to the other one. Usually only results in 5 to 10 seconds of dropped traffic when each firewall goes down.
I figured there is probably no difference in the actual upgrade procedure but I wanted to check to see if anyone has run into any gotchas or any settings that need to be modified once the new version is online that might result in a longer outage otherwise?
I didn't get any complaints but I was doing it between 6 am and 8 am on a Saturday morning which is a low traffic time for us.
I expect there was since one firewall was told to stop responding and the other was not already operating as an active. Generally I see some traffic drops when I put one in standby due to a combination of OSPF convergence and the really unfortunate way I'm having to do traffic routing via Policy-Based Routing and ping watchdogs (I keep running into issues with "set ip next-hop recursive" and the hardware I'm using).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!