Revert back a 6 OS from 7 OS

L4 Transporter

Revert back a 6 OS from 7 OS

Has anyone had to revert back from an upgrade?  Especial from 7 OS from a 6 OS? If so how did you do it and how easy was it? I am preparing to move from 6.1.10 to 7.06 and I want to make sure that I cover every possible scenario. Luckily I have a secondary that I can try it on first.

Can you revert back and reinstall the previous OS that you upgraded from?

Can you do a factory reset and reload the recent configuration that you exported before upgrading?

Any ideas you have would be helpful


Cyber Elite

I haven't done it, maybe others have and can provide realworld info on the subject.  However as I understand it, you're only going to run into an issue if you implement/use some new policy feature that exists in version 7.0.X that didn't in the prior 6.1.X version.


So as long as you're just doing a simple upgrade and not implement anything new a revert should be ok.  Again, that's just my basic understanding.

L7 Applicator

It is always good practice to export config out and have it on hard drive before upgrades.

If you forget this step and want to revert back then just load old config in firewall (Palo keeps last 100 configs on disk) and use command debug swm revert.

Enterprise Architect @ Cloud Carib
L7 Applicator

if you did your upgrade in one go (so 6.1.10 -> 7.0.6 NOT 6.1.10 -> 7.0.0 -> 7.0.6) , you can simply revert using the swm debug command:


> debug swm status

Partition         State             Version
sysroot0          REVERTABLE        7.0.5
sysroot1          RUNNING-ACTIVE    7.1.1
maint             READY             7.1.1

> debug swm revert    


Tom Piens -
Like my answer? check out my book!
L5 Sessionator

Before you upgrade take the config back.


We can revert by the help of following commands:


debug swm status
debug swm revert


If above command doesn't help the we can try a factory reset and then can load the saved config.

L4 Transporter

Please note that there is currently the situation that you cannot directly upgrade from 6.1.10 to 7.0.6, provided this applies to your environment.


See warning in release notes:


Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgrade a firewall to PAN-OS 7.0. Additionally, if virtual system (vsys) configuration is not enabled on your firewall or appliance, you must reboot your firewall or appliance after you install PAN-OS 7.0.1 and before you upgrade to PAN-OS 7.0.3 or a later release.


So you would need to install 7.0.1, reboot, then install 7.0.6 and reboot again. However, then the 6.1.10 is no longer available in the partition and simple revert is not possible.

L4 Transporter

Really I also opened a case we tac and they did not mention that, thanks for the info I will add that as a question on my ticket

L7 Applicator

By the way downgrade is even easier as autosave config is taken during upgrade.

Enterprise Architect @ Cloud Carib
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!