This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Testing during Palo Alto 3000 cluster upgrade from 8.1.15-h3 to 9.1.11

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Testing during Palo Alto 3000 cluster upgrade from 8.1.15-h3 to 9.1.11

landoa
L1 Bithead

‎11-08-2021 07:58 AM

Hello,

 

I would like to know if an upgrade that traverses multiple major versions requires testing after an upgrade to each major version?

 

Our upgrade path is:  8.1.15-h3 -> 8.1.20 -> 9.0 -> 9.0.14 -> 9.1 -> 9.1.11

 

Ideally, we would only upgrade one appliance in the cluster all the way to 9.1.11, though I know this is not recommended because appliances in a cluster should not be further than 1 major version apart.

 

So, the conservative path would be to break this into two stages: upgrade entire cluster to 9.0.14 and fully test?  Then proceed to 9.1.11?

 

Thanks for any advice!

 

 

0 Likes Likes
4 REPLIES 4

TomYoung
Cyber Elite
Cyber Elite

‎11-08-2021 08:45 AM

Hi @landoa ,

 

I would upgrade the entire cluster to 9.0.14, then upgrade it again to 9.1.11.

 

I would not test for the interim version since it is only temporary.  I would implement the full test plan for 9.1.11.  The TAC recommended releases are very stable.

 

https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-...

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

OtakarKlier
Cyber Elite
Cyber Elite

‎11-08-2021 01:38 PM

Hello,

While testing never hurts, I have yet to have an upgrade break existing things.

Regards,

landoa
L1 Bithead

‎11-08-2021 11:51 PM

Thanks for this feedback.

 

I've done a few upgrades in the past and also never encountered problems.

 

However, when planning major changes, its always good to have a rollback option.  If we do the upgrade in two steps (testing after each major release), I like that we can easily, and quickly, failover to the other cluster member on the old software version.

 

In case of problems, we have the option to rollback software, but this requires more downtime and is more intensive than a simple failover.  

 

So, I need to decide if we want to take a bit more time with the two-step approach, or run the risk, albeit minimal, that we have to rollback.

 

Thanks again for your two cents!

 

 

 

 

 

 

0 Likes Likes

virat18
L0 Member

‎11-09-2021 04:03 AM

I wouldn't test for the interim version as it's only temporary. I would follow the full test strategy for 9.1.11. The TAC suggested releases are extremely stable. See Palo Alto Networks exams. I'm 100% agree with you, you should need to see following paloaltonetworks link to more clear.

live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304

  • 2701 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks