Has anyone had to revert back from an upgrade? Especially from 7 OS from a 6 OS? If so, how did you do it and how easy was it? I am preparing to move from 6.1.10 to 7.06 and I want to make sure that I cover every possible scenario. Luckily I have a secondary that I can try it on first.
Can you revert back and reinstall the previous OS that you upgraded from?
Can you do a factory reset and reload the recent configuration that you exported before upgrading?
Any ideas you have would be helpful.
I haven't done it; maybe others have and can provide real-world info on the subject. However, as I understand it, you're only going to run into an issue if you implement/use some new policy feature that exists in version 7.0.X that didn't in the prior 6.1.X version.
So as long as you're just doing a simple upgrade and not implementing anything new, a revert should be OK. Again, that's just my basic understanding.
It is always good practice to export config out and have it on hard drive before upgrades.
If you forget this step and want to revert back, then just load the old config in the firewall (Palo keeps last 100 configs on disk) and use the command debug swm revert.
If you did your upgrade in one go (so 6.1.10 -> 7.0.6, NOT 6.1.10 -> 7.0.0 -> 7.0.6), you can simply revert using the swm debug command:
> debug swm status

Partition State Version
--------------------------------------------------------------------------------
sysroot0 REVERTABLE 7.0.5
sysroot1 RUNNING-ACTIVE 7.1.1
maint READY 7.1.1

> debug swm revert
Before you upgrade take the config back.
We can revert by the help of following commands:
debug swm status
debug swm revert
If the above command doesn't help, then we can try a factory reset and then load the saved config.
Please note that there is currently the situation that you cannot directly upgrade from 6.1.10 to 7.0.6, provided this applies to your environment.
See warning in release notes:
Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgrade a firewall to PAN-OS 7.0. Additionally, if virtual system (vsys) configuration is not enabled on your firewall or appliance, you must reboot your firewall or appliance after you install PAN-OS 7.0.1 and before you upgrade to PAN-OS 7.0.3 or a later release.
So you would need to install 7.0.1, reboot, then install 7.0.6 and reboot again. However, then the 6.1.10 is no longer available in the partition and a simple revert is not possible.
By the way, downgrade is even easier as an autosave config is taken during upgrade.
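An added example, not part of any reply in this thread: a pre-change check that parses `debug swm status` output in the format quoted above and reports which version is in the REVERTABLE partition, so you can confirm the rollback target before relying on `debug swm revert`. It assumes the REVERTABLE partition is the one a revert returns to; the function names and the second sample (a two-step 6.1.10 -> 7.0.1 -> 7.0.6 upgrade) are constructed for illustration.

```python
import re

# One data row of `debug swm status`: partition name, state, version.
# The header row and the dashed separator do not match this pattern.
ROW = re.compile(r"^(\S+)\s+([A-Z][A-Z-]+)\s+(\d+(?:\.\d+)+\S*)$")

def parse_swm_status(text):
    """Return {partition: (state, version)} parsed from the status output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[m.group(1)] = (m.group(2), m.group(3))
    return rows

def revert_target(text):
    """Version held in the REVERTABLE partition, or None if there is none."""
    for state, version in parse_swm_status(text).values():
        if state == "REVERTABLE":
            return version
    return None

def can_revert_to(text, wanted):
    """True only if the REVERTABLE partition holds exactly the wanted version."""
    return revert_target(text) == wanted

# Output as quoted in the thread.
THREAD_SAMPLE = """\
Partition State Version
--------------------------------------------------------------------------------
sysroot0 REVERTABLE 7.0.5
sysroot1 RUNNING-ACTIVE 7.1.1
maint READY 7.1.1
"""

# Constructed sample (assumption): state after 6.1.10 -> 7.0.1 -> 7.0.6,
# where the intermediate 7.0.1 install has displaced 6.1.10.
TWO_STEP_SAMPLE = """\
sysroot0 REVERTABLE 7.0.1
sysroot1 RUNNING-ACTIVE 7.0.6
maint READY 7.0.6
"""

if __name__ == "__main__":
    for name, sample in (("thread", THREAD_SAMPLE), ("two-step", TWO_STEP_SAMPLE)):
        print(name, "revert target:", revert_target(sample),
              "| back to 6.1.10 possible:", can_revert_to(sample, "6.1.10"))
```

If the reported target is not the release you intend to fall back to, plan on the factory reset plus saved-config path mentioned in the thread instead.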