04-07-2021 11:59 AM
Greetings,
We are looking for suggestions/thoughts for our next upgrade to our PAN management server - we are running PAN 8.1.13 on a Model M-600. We are looking to go to 9.x - not sure whether 9.0 or 9.1 at this point.
Probably will be decided based on the feedback we get from this post.
So bottom line:
- Which version would you recommend? Should I ask why?
- Were there any published guides/videos that you found particularly useful to follow for your upgrade?
- Any "gotchas" you ran into and you thought - Man, how come they didn't mention this ****?
- Did you develop any in-house upgrade guide that you would be willing to share?
- Of course, any other thoughts/comments/banter are welcomed
Thanks in advance for your replies.
04-07-2021 01:28 PM - edited 04-07-2021 01:31 PM
Always select the latest version; for 9.1 this is Palo Alto 9.1.8, and I suggest this rather than 9.0.13. Also check your disk space before the upgrade (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS) and download and install the latest dynamic updates on the Panorama and the firewalls. Don't forget to go first to the latest 8.1 release, then to 9.0 and then 9.1 (https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/upgrade-to-pan-os-91/upgrade-the-fi...). Also save and export the Panorama config before the upgrade (https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administer-panorama/manage-panorama-an... and https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgKCAS).
Also read this:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRrCAK
04-07-2021 02:23 PM
- Which version would you recommend? Should I ask why?
- Were there any published guides/videos that you found particularly useful to follow for your upgrade?
- Any "gotchas" you ran into and you thought - Man, how come they didn't mention this ****?
- Did you develop any in-house upgrade guide that you would be willing to share?
- Of course, any other thoughts/comments/banter are welcomed
1. I'd go with 9.1 as it is practically the same code train as 9.0 (they only added SD-WAN and some minor features) and it's already pretty mature, plus its EoL date is still far away (9.0 ends next year).
2. This is a solid article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRrCAK
3. Lock-step the upgrade; don't go all the way on one member only unless you're OK to have downtime, and make sure the content packages are up to date. Go for the latest maintenance release in 9.0, even though you're headed for 9.1. Nothing sucks more than getting stuck on an early 9.0 bug while upgrading to 9.1. Make backups and download them off the box.
4. Yep, look at my signature 😉
5. See 3.