Failed upgrade

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Failed upgrade

L4 Transporter

I tried to do an upgrade from 7.1.13 to 7.1.14 and it appeared to install fine, but the ports, all the ports, failed to come up again. So I rolled it back to 7.1.13 and it went back to working fine

6 REPLIES 6

L4 Transporter

@BPry @reaper @kiwi

Any thoughts on this upgrade failure?

 

I tried to do an upgrade from 7.1.13 to 7.1.14 and it appeared to install fine, but the ports, all the ports, failed to come up again. So I rolled it back to 7.1.13 and it went back to working fine

Hello,

Do you have the PAN's in HA? If yes, when it reboots it fails over to the over to the 'standby' firewall and the one that rebooted will be passive and all ports will be down.

 

Thoughts?

That would be my first guess as well @OtakarKlier, in an HA cluster the peer on the _lowest_ PAN-OS version gets priority, so that would be one likely scenario

 

a second scenario could be a 'stuck' autocommit, which is easy to verify:

> show jobs all 

> show chassis-ready

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper @OtakarKlier

 

I do have an HA pair but I was upgrading the passive firewall first in case I have issues, so there should be no failover because it is the passive firewall. But it should all the port grey out, could not talk to the primary firewall on the heart beat. When I rolled it it back from 7.1.14 to 7.1.13 everything went back to normal.  I am including a pic of the firewall after rolling back.passive.PNG

@reaper @OtakarKlier

 

I did see a failed autocommit  int he system logs which I also downloaded. 

 

1 1/25/2018 14:13 7801000986 SYSTEM general 0 1/25/2018 14:13 general 0 0 general high Autocommit job failed 440868 0x0 0 0 0 0 
1 1/25/2018 14:13 7801000986 SYSTEM sslmgr 0 1/25/2018 14:13 sslmgr-config-p1-abort 0 0 general informational

 

@reaper @Otakar.Klier @BPry

 

So far I opened a ticket with TAC and uploaded the system logs and they sent me instructions how to upgrade. I know that things can change and processes need to change but in at least 2 years of more that I have been doing the upgrade this way it has always worked

  • 3242 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!