This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

LYT-OT
L1 Bithead

‎10-03-2023 05:23 PM

Hello,

 

I was about to post a similar question (this is my first time and post here, be gentle :).   I have been handed the task to upgrade 2 sets of PA-820 firewalls which are both in Active-Passive configuration.   

 

- Both sets are used in a 24/7 environment and there is no better time than another to perform upgrades/changes. 

- Both sets have no connection to the internet and are not using any smart/application type filtering and are completely stand alone

- One set is running 9.1.11-h3

- One set is running 10.2.4-h2

- The aim is to upgrade them all to the 11.x version

 

I've been getting familiar with the Palo Alto process and have read a number of guides and have put together this table and would really appreciate any insight from others who know more about this than me to see if I'm on the right path:

 

Upgrade Path from 9.1.x to 11

Version

Release Date

Alternate

Download and install the latest preferred PAN-OS 9.1 maintenance release and reboot.

PanOS_800-9.1.16

04/05/2023

 

Download PAN-OS 10.0.0.

PanOS_800-10.0.0

07/16/2020

 

Download and install the latest preferred PAN-OS 10.0 maintenance release and reboot.

PanOS_800-10.0.11-h1

08/17/2022

Or use 10.0.12 (3/24/23) ?

Download PAN-OS 10.1.0

PanOS_800-10.1.0

06/02/2021

Jump back to 2021 release?

Download and install the latest preferred PAN-OS 10.1 maintenance release and reboot.

PanOS_800-10.1.10-h2

08/03/2023

 

Download PAN-OS 10.2.0

PanOS_800-10.2.0

02/27/2022

Or use 10.2.0-h1 ?

Download and install the latest preferred PAN-OS 10.2 maintenance release and reboot.

PanOS_800-10.2.5

08/17/2023

 

Proceed to Upgrade the Firewall to PAN-OS 11.0.

PanOS_800-11.0.0

11/17/2022

 

Latest Pan-OS 11

PanOS_800-11.0.2-h1

08/16/2023

 

 

The 9.1 set of firewalls looks like I have to do 9 version upgrades along the way whilst the 10.2 set can be upgraded directly to 11 and then its latest update.

 

Am I on the right path here?  Do i start downloading the relevant 9 PanOS files and after capturing backup config, routing tables etc just go for it upgrading and failing over each HA pair?

 

I've used the following for guidance:

 

https://live.paloaltonetworks.com/t5/pancast/pancast-episode-1-four-things-you-must-do-when-upgradin...

https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-...

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan...

 

Much appreciate any feedback before kicking this off.

 

Cheers, Terry.

 

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks