07-17-2024 02:47 AM - edited 07-17-2024 02:49 AM
Hi,
We recently upgraded our Palo Alto 1410 Firewall to PAN-OS-11.1.2-h3 from PAN-OS-11.0.4-h1.
After Upgrade there was no incoming traffic from external networks. There were no hits or logs showing incoming traffic.
Internet Outbound traffic was going through normally.
IPSEC VPN tunnels were working normally.
Support team checked and wanted us to downgrade to the previous version.
Is this a bug in PAN-OS 11.1 ?
Has anyone ever faced this issue after PAN-OS upgrades ?
Should we install the base image for 11.1 before we upgrade to 11.1.2-h3?
Any ideas and suggestiions are welcome.
Thanks
Hari
09-23-2024 05:22 AM
Yes the base image is downloaded.
10-01-2024 02:09 AM
Same here.
Panorama upgrade fails in install after a few seconds.
11.0.3-h5 -> 11.1.4-h1 fails.
11.1.0 -> 11.1.4-h1 fails
11.1.0 -> 11.1.3-h6 fails
The error message are the same.
Still waiting for an analysis from our partner.
10-02-2024 12:36 AM
Any news on the TAC case?
We are experiencing the same problem.
10-02-2024 04:13 AM
ASC TAC says. they found similar issues. The solution was to delete all software images and redownload the required ones.
This did not help in our case.
Recommendation was to upgrade via CLI to get more error output, but in our case the output was the same which is displayed by the GUI.
I hope, they will escalate this to PAN TAC.
10-19-2024 12:08 PM
Had a session with Palo TAC. root level access at the beginning of the week. Expected solution did not work. Next solution: reinitialize Elastic Search, losing all logs. Not an option. Palo engineer wanted to check with colleagues for other workarounds. Yesterday I got new suggestions, which I have not tested, yet: Upgrade to 11.0.5 or 11.06 and then to 11.1.4 or go directly to 11.1.5 which fixes PAN-258757.
10-23-2024 11:33 PM
Did you test the suggestion in the meantime?
We got the answer that a simple "es_restart" shoud fix the problem. But I'm not so sure about that. But it's very interesting why TAC needs four technicians and two weeks for this answer 🤣
10-24-2024 02:00 AM
That is what the Palo TAC tried. It did not help in our case.
Next suggestion was to try 11.0.5 or 11.0.6 as internediate Version.
I tried with 11.0.6 since it has only 2 fixes more than 11.0.5. The upgrade to 11.1.4-h1 failed.
Then I tried the last option: 11.1.5. It also failed.
I have deleted and redownloaded the images as requested.
Since in 11.0.6 the Software list (Panorama->Software) was incomplete and I could not fix it. I decided to revert to the snapshot I created before the upgrade attempt.
I also found this: https://live.paloaltonetworks.com/t5/panorama-discussions/unable-to-upgrade-panorama-to-11-1-4-h1/td...
May be better to continue the discussion over there, because we are off-topic here.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
