This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Palo Alto VM-300 firewall in Azure with 40GB system disk needs 60GB for PAN-OS 10.0 upgrade

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Palo Alto VM-300 firewall in Azure with 40GB system disk needs 60GB for PAN-OS 10.0 upgrade

palo_altogether
L0 Member

‎03-14-2022 11:11 AM

Hello all,

 

We have a Palo Alto VM-300 firewall in Azure which was deployed from the market place with a 40GB system disk.

To upgrade to PAN-OS 10.0 and above, the system disk needs to be a minimum of 60GB.

Has anyone done this before?

What is the best approach?

 

Thanks

Palo Altogether
1 person had this problem.
0 Likes Likes
1 REPLY 1

karlgillego
L0 Member

‎07-06-2022 10:44 AM

I want to preface this by saying that after completing the below in a DEV environment, we ended up completely swapping out with new VMs built directly on 9.1.x in PROD.  It just didn't seem like this was going to be supported by TAC.

 

IMO, Palo's KB (link #1) on this topic is unfortunately rather vague.  The only thing the article offers after cloning the osDisk is

  • Remove the original system disk.
  • Power on the VM-Series firewall.
It is not that simple in Azure as you cannot detach an osDisk from a VM even if it has been deallocated.  What ended up working is the following.
  1. Take a snapshot of the existing osDisk.
  2. Create a new disk that's 60GB in size using the snapshot as a source.
  3. Use method in Link #2 to swap the osDisk while the VM is deallocated.
It did appear to work as after the upgrade to 9.1.x, the new disk was partitioned correctly.
 
You should also be aware that we ran into a known issue with PAN-167306 (Link #3).  After the upgrade to 9.1.x, it was as if the secondary dataDisk attached for logging was completely gone.  After the step upgrades finished, another reboot from the Azure side (not the PAN-OS side) was required for the dataDisk to mount correctly.
 
0 Likes Likes
  • 2982 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks