cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Different version

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
DGonzalezAR
L2 Linker
‎03-04-2020 06:27 AM
‎03-04-2020 06:27 AM

Different version

I have version 8 on a  PA 3220 and on the secondary device ( hot stand by ) we have version 9, there is some problem in that they work with different versions 

0 Likes
Reply

Accepted Solutions
Highlighted
Vikashh
L2 Linker
‎03-04-2020 08:00 AM
‎03-04-2020 08:00 AM

You need to match PAN OS version.

View solution in original post

0 Likes
Reply
Highlighted
AhmedMoustafa
L0 Member
‎03-11-2020 11:35 AM
‎03-11-2020 11:35 AM

That mean if i need to upgrade the OS on HA we going to have outage in your Scenario.

So, If i need to upgrade the OS.

I have to trigger fail over to pass the traffic through Passive Device.

Then upgrade the Active one and trigger the failover to pass the traffic again to Primary Device.

I think, the Ha should work if we don't have BIG major GAPS between PAN-OS version.

I hope you correct me if i am wrong !

View solution in original post

0 Likes
Reply

All Replies
Highlighted
Vikashh
L2 Linker
‎03-04-2020 08:00 AM
‎03-04-2020 08:00 AM

You need to match PAN OS version.

View solution in original post

0 Likes
Reply
Highlighted
atluri4b8
L1 Bithead
‎03-11-2020 07:20 AM
‎03-11-2020 07:20 AM

@DGonzalezAR 

 

The HA peers should have the same version of PAN-OS and content version, in order to set them into a HA pair.

 

Refer to the documentation below on the HA overview for further details,

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/ha-overview.html

 

Thanks. 

 

0 Likes
Reply
Highlighted
johnde
L2 Linker
‎03-11-2020 10:06 AM
‎03-11-2020 10:06 AM

In order to work HA properly, Both the firewalls should be running the same PAN-OS version and must each be up-to-date on the application, URL, and threat databases.

0 Likes
Reply
Highlighted
AhmedMoustafa
L0 Member
‎03-11-2020 11:35 AM
‎03-11-2020 11:35 AM

That mean if i need to upgrade the OS on HA we going to have outage in your Scenario.

So, If i need to upgrade the OS.

I have to trigger fail over to pass the traffic through Passive Device.

Then upgrade the Active one and trigger the failover to pass the traffic again to Primary Device.

I think, the Ha should work if we don't have BIG major GAPS between PAN-OS version.

I hope you correct me if i am wrong !

View solution in original post

0 Likes
Reply
Highlighted
atluri4b8
L1 Bithead
‎03-11-2020 11:58 AM
‎03-11-2020 11:58 AM

@AhmedMoustafa 

 

When we are upgrading the OS on a HA pair, for active/passive firewalls, must upgrade the passive peer first, suspend the active peer (fail over), update the active peer, and then return that peer to a functional state (fail back).

To prevent fail over during the upgrade of the HA peers, must make sure preemption is disabled before proceeding with the upgrade. We only need to disable preemption on one peer in the pair.

 

You can check the upgrade steps in the link below.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/upgrade-to-pan-os-90/upgrade-the-fi...

 

 

0 Likes
Reply
Highlighted
DGonzalezAR
L2 Linker
‎03-12-2020 06:46 AM
‎03-12-2020 06:46 AM

Thank you very much we have taken the team to secondary to version 8 and it has worked perfectly then we will migrate to version 9

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks