12-12-2012 12:49 PM
I am new to Palo Alto firewalls and I am hoping this a quick easy question for somebody who is more familiar with them. I would to like to upgrade my PA500 to latest firmware. It looks like the latest release is 4.1.8 (I am using 4.0.8). I have downloaded 4.1.8 to the firewall. Once I click install on 4.1.8, will that require a reboot of the firewall? I am assuming yes as every other vendor's firewall I have worked does require a reboot. How long should I expect the install/reboot to take? If it does require a reboot is there a way I can schedule the firewall to install the update during non production hours? Also, is there anything I need to know about updating from a 4.0 version to a 4.1? I can't find ANY of the details in the dozens of documents I have read. Any help on this would be appreciated. Thanks!
12-12-2012 12:59 PM
Yes switching firmwares will require a reboot.
In your case running 4.0.8 I think the recommended way of upgrading would be to first download and install (and reboot into) 4.1.0, and then do the same from 4.1.0 into 4.1.8 (or whatever 4.1 version you might want to use - 4.1.9 is the latest currently).
Or while you are at it, go straight to 5.0.x ?
12-12-2012 03:16 PM
Thanks for your answer. One other related question. During the update/reboot process, will my HA or standby PA be updated as well or do I have to jump on it and update it separately? I am hoping it's part of the process. That would be pretty lame if it didn't do it automatically.
12-13-2012 12:00 AM
You will have to update the standby unit on its own for obvious reasons.
One way to limit number of possible hickups for current sessions is to start the update on the standby unit. Then perform a failover and update the other device (this way you only have one failover instead of two). However im not sure what will happen to the session sync when switching major version.
12-13-2012 01:01 AM
You can directly upgrade to 4.1.9 (4.1.0 have to be downloaded but there is no need to install 4.1.0)
Since this is a Major Release update plan more time for the Upgrade.
Depending on the size of your Log Database we have seen upgrade time >30 min
till the Firewall is productive again.
A direct upgrade from 4.0.x to 5.0.x is not possible, you have to go through 4.1.x
please read the Release Notes before upgrading.
Regards
Marco
12-13-2012 09:13 AM
Hi,
If you are going from 4.0.8 to 4.1.8.
The main difference i can think of is that if you are using sslvpn netconnect. It is not available in 4.1.x anymore. It will change the netconnect to global protect automatically.
Also if you are going from 4.0.8 to 4.1.8
the steps would be as follows
download 4.1.0
down and install 4.1.8
and yes after you install the system will require a reboot.
Thanks
Numan
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
