Revert back a 6 OS from 7 OS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Revert back a 6 OS from 7 OS

L4 Transporter

Has anyone had to revert back from an upgrade?  Especial from 7 OS from a 6 OS? If so how did you do it and how easy was it? I am preparing to move from 6.1.10 to 7.06 and I want to make sure that I cover every possible scenario. Luckily I have a secondary that I can try it on first.

Can you revert back and reinstall the previous OS that you upgraded from?

Can you do a factory reset and reload the recent configuration that you exported before upgrading?

Any ideas you have would be helpful

 

7 REPLIES 7

L6 Presenter

I haven't done it, maybe others have and can provide realworld info on the subject.  However as I understand it, you're only going to run into an issue if you implement/use some new policy feature that exists in version 7.0.X that didn't in the prior 6.1.X version.

 

So as long as you're just doing a simple upgrade and not implement anything new a revert should be ok.  Again, that's just my basic understanding.

It is always good practice to export config out and have it on hard drive before upgrades.

If you forget this step and want to revert back then just load old config in firewall (Palo keeps last 100 configs on disk) and use command debug swm revert.

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Downgrade-PAN-OS/ta-p/58664

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Cyber Elite
Cyber Elite

if you did your upgrade in one go (so 6.1.10 -> 7.0.6 NOT 6.1.10 -> 7.0.0 -> 7.0.6) , you can simply revert using the swm debug command:

 

> debug swm status

Partition         State             Version
--------------------------------------------------------------------------------
sysroot0          REVERTABLE        7.0.5
sysroot1          RUNNING-ACTIVE    7.1.1
maint             READY             7.1.1

> debug swm revert    

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L5 Sessionator

Before you upgrade take the config back.

 

We can revert by the help of following commands:

 

debug swm status
debug swm revert

 

If above command doesn't help the we can try a factory reset and then can load the saved config.

Please note that there is currently the situation that you cannot directly upgrade from 6.1.10 to 7.0.6, provided this applies to your environment.

 

See warning in release notes:

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os-release-notes/pan-os-7-0-6-addressed...

 

Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgrade a firewall to PAN-OS 7.0. Additionally, if virtual system (vsys) configuration is not enabled on your firewall or appliance, you must reboot your firewall or appliance after you install PAN-OS 7.0.1 and before you upgrade to PAN-OS 7.0.3 or a later release.

 

So you would need to install 7.0.1, reboot, then install 7.0.6 and reboot again. However, then the 6.1.10 is no longer available in the partition and simple revert is not possible.

Really I also opened a case we tac and they did not mention that, thanks for the info I will add that as a question on my ticket

By the way downgrade is even easier as autosave config is taken during upgrade.

https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/upgrade-to-pan-os-7-1/down...

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 3190 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!