Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Upgrading Panorama and Firewalls to 7.0.3

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Upgrading Panorama and Firewalls to 7.0.3

L1 Bithead

Hey All,

I have some questions regarding the upgrade of Panorama and firewalls to version 7.0.3. I am looking to upgrade both fairly soon, and want to avoid any gotchas. My environment currently has Panorama at 6.1.4 and all firewalls at 6.1.4 or 6.1.2. I am aware of the need to upgrade to major versions prior to minor versions (for example, 7.0 before 7.0.3). The first question I have is regarding Panorama. I just did a Check Now for my Panorama software, and a base 7.0 did not show up, only 7.0.1, 7.0.2, and 7.0.3. Does Panorama not adhere to the 7.0 base first rule?

 

With regard to the firewalls, I see what looks like a base 7.0 under Device Deployment>Software in my Panorama console. However, it seems to be named different (See screenshot below) and has an "m" designation. Based on what I read, I would be downloading and installing this, then downloading and installing the 7.0.3 version for my firewall model, correct? Also, how long can I wait between upgrading Panorama and the firewalls. I had thought to upgrade Panorama and wait a few days before doing the firewalls, but now I see mention of an LDAP issue when doing a commit through Panorama when it is 7.x and the firewalls are 6.x. These are the gotcha type issues I am hoping to avoid.

 

If anyone can provide insight on their experience with the upgrade process, I will greatly appreciate it.

1 accepted solution

Accepted Solutions

According to the steps, you just need to download the base image and then download/install the image you want to go to:

 

https://www.paloaltonetworks.com/documentation/70/pan-os/newfeaturesguide/upgrade-to-pan-os-7-0/upgr...

 

 

View solution in original post

9 REPLIES 9

L1 Bithead

Hi Scott,

 

PAN OS 7.0.0 was pulled off due to a major vulnerability. So, it is no more available for downloads and the base image has been replaced by 7.0.1. So, you will need to download 7.0.1 to upgrade to higher major versions.

L1 Bithead

I just realized I forgot my screenshot. Sorry about that.

 

Panorama Downloads.JPG

Thank you for the information @singh I appreciate it. Can you verify whether upgrading Panorama requires the base version first routine? In the instructions I found, it is not clear whether this is appropriate for Panorama, or just the firewall.

I could be wrong, however I think you just need the version downloaded to the firewall so you dont have to upgrade twice.

 

i.e. going from 6.1.4 ->download the base 7.0.x ->download 7.0.x and install.

According to the steps, you just need to download the base image and then download/install the image you want to go to:

 

https://www.paloaltonetworks.com/documentation/70/pan-os/newfeaturesguide/upgrade-to-pan-os-7-0/upgr...

 

 

L1 Bithead

Okay, I am just going to take Panorama right to version 7.0.3 straight away.From what I have read, it seems Panorama can be taken directly to where it needs to be.

 

For the actual firewalls, I will follow the directions regarding the base version and then the maintenance version.

 

Anyone have any other comments or advice?

Since you have the Panorama, just check and make sure that you are getting config backups of the PAN's. If not, then either configure the Panorama to get them, or just download the configs (more safe than sorry approach). Other than that its pretty straight forward.

Base image is required for both Panorama and firewall. 

L1 Bithead

Thank you for the comments everyone. I am going to attempt to upgrade Panorama and my firewalls this Thursday evening, and I am hoping it goes well.

  • 1 accepted solution
  • 4329 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!