Managed Palo Alto firewalls are running 9.1.11 and are unaffected by CVE-2021-44228 but Panorama running 9.1.11 is. If I upgrade Panorama to 10.1.2, will I have any problem with it seeing and managing the managed Palo's still running 9.1.11?
When it comes to Panorama as long as Panorama is running PAN-OS version higher than managed Firewall you will not have an issue to manage Firewalls and collect logs, so in your case you will not have issue to manage Firewalls running 9.1 after upgrading Panorama to 10.1.
For now, I am only worried about customers running M-100 that can run highest version 9.1. For those like @ChristianBolelli mentioned Palo Alto will hopefully release Hotfix in 9.1 release.
One thing to take into consideration before upgrading Panorama to 10.1.x and managing 9.1.x firewalls is "Panorama should be running the same or a later version of a feature release than the firewall (more than two feature versions is supported but not recommended)" I would take a close look at changes and additions to features in 10.0 and 10.1, because you may run in to odd issues when pushing out new configs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!