Three Ways to Upload Code to Upgrade the Pa Firewall.

PaloAlto releases software updates on an on-going footing. It'southward essential that you stay current with the latest stable release of firewall.

On a high-level the following are v piece of cake steps to upgrade PaloAlto firewall:

1. Pre-install: Verify current software version
2. Check Available Software Versions
3. Download Latest Version of PaloAlto
4. Install the Latest version of Firewall Software
5. Mail service-install: Reboot and verify new software version

Apart from upgrading from CLI, this tutorial also explains how to upgrade PAN-Os from PaloAlto panel.

1. Pre-install: Verify electric current software version- from CLI

Starting time, login to the PaloAlto firewall from CLI using ssh as shown beneath.

$ ssh -i thegeekstuff.pem admin@192.168.101.111        

Next, execute the following testify organisation info control to get the electric current version of your software.

admin@PA-VM> show arrangement info | match sw-version sw-version: 9.0.0        

In the above instance, the current version is 9.0.0. Allow us upgrade this to the latest version of ix.0.x

2. Check Available Software Versions – from CLI

Execute the following request system software check command, which will get all the available version of PaloAlto software for your device.

admin@PA-VM> request system software check  Version               Size          Released on Downloaded ------------------------------------------------------------------------- 9.0.2                354MB 2019/05/09  07:57:11         no 9.0.1                345MB 2019/03/28  08:43:16         no 9.0.0                759MB 2019/02/06  08:54:03        yes 8.1.8                465MB 2019/05/08  12:eighteen:31         no 8.1.seven                464MB 2019/03/xviii  22:01:25         no .. ..        

In the above output:

• Version column – This shows all available software version. The latest version volition exist on the top. The electric current latest version in this case is ix.0.ii
• Downloaded column – The "yes" in this column indicates that this particular version of the software is downloaded. Currently it says "yes" but to 9.0.0.

iii. Download Latest Version of PaloAlto – from CLI

Adjacent, execute the asking arrangement software download command, which will download the given version.

In the following case, this command volition schedule a groundwork task to download the 9.0.ii version of the software.

admin@PA-VM> asking system software download version 9.0.two  Download job enqueued with jobid 10 10        

The output of the previous download command will give you lot a chore id. In the previous step, our chore id is 10.

View the condition of this detail job as shown below.

admin@PA-VM> evidence jobs id 10  Enqueued              Dequeued           ID  Type  Status Result Completed --------------------------------------------------------------------------- 2019/05/22 23:57:18   23:57:eighteen   10  Downld   Act   PEND        21% Warnings: Details:        

Annotation: Once the output of the to a higher place command shows 100% completed, motility on to the next step.

Please annotation that upgrading the PANOS will not modify/remove whatsoever of your existing configurations including security and NAT policies.

On a related annotation, to chief paloalto CLI, refer to: xv PaloAlto CLI Examples to Manage Security and NAT Policies

4. Install the Latest version of Firewall Software – from CLI

Finally, execute the following request organisation software install control as show beneath to install the latest version of the software.

admin@PA-VM> asking arrangement software install version 9.0.2        

The above command will requite this info message. Say "y" to the following prompt.

Executing this command will install a new version of software. Information technology volition not take issue until system is restarted. Downgrading from PAN-OS nine.0 to an earlier release requires downgrading the logging infrastructure. Subsequently downgrade, you lot must drift your log data to the previous format. For more information, delight refer to Downgrade from Panorama nine.0 in https://docs.paloaltonetworks.com/downgrade-panorama. Do you want to go on? (y or due north) y

Software install job enqueued with jobid 12. Run 'show jobs id 12' to monitor its status. Please reboot the device later the installation is washed.
12

View the status of the installation using the chore id from the above output.

admin@PA-VM> testify jobs id 12  Enqueued              Dequeued           ID    Type Status Result Completed ------------------------------------------------------------------------------------------------------------------------------ 2019/05/22 23:00:49   23:00:49           12    SWInstall    ACT   PEND        71% Warnings: Details:        

admin@PA-VM> evidence jobs id 12  Enqueued              Dequeued           ID    Blazon  Condition Upshot Completed ------------------------------------------------------------------------------------------------------------------------------ 2019/05/22 23:00:49   23:00:49           12   SWInstall  FIN     OK 23:04:24 Warnings: Details:Software installation successfully completed. Please reboot to switch to the new version.        

Note: I've noticed a strange behavior in the download completed percentage. When information technology reaches, 71% it started going down to 66%, and then started going up over again.

5. Post-install: Reboot and verify new software version – from CLI

Now, reboot the firewall using restart system command as shown below to start the new version.

admin@PA-VM> request restart system Executing this control will disconnect the current session. Practise you want to keep? (y or northward)        

Note: The higher up will disconnect you from the SSH CLI session that you are connected to the PaloAlto firewall.

Broadcast bulletin from root (pts/1) (Wed May 22 23:05:xxx 2019):  The system is going downward for reboot NOW! Connection to 192.168.101.111 closed. fustigate-3.2$        

Finally, later the reboot, execute the testify system info command to make sure the firewall software is upgraded to the latest version.

admin@PA-VM> show system info | match sw-version sw-version: 9.0.two admin@PA-VM>        

Console – Verify Current version

Login to PaloAlto console from a browser. From Dashboard, Under Full general Information section, you lot can come across the electric current version of your PANOS as shown in the example beneath. In this example, the electric current version is 9.0.0

Panel – Install the Latest version of PANOS

From the PaloAlto console, click on "Device" tab, from the left side menu, click on Software every bit shown below. Offset time, yous might non run into listing of available softwares. You may have to click on "Bank check Now" push button that is located at the bottom of this screen as shown below.

This will display all PAN-OS software versions available. In this example, since our current version is 9.0.0, it says "Downloaded" correct next to it. The "Installed" column will accept a check-marking adjacent to the version that is currently installed.

The latest bachelor version will exist displayed at the top of the listing. In this instance, the latest version is 9.0.two. In your case, you might see something newer than this. Click on "Download" nether "Action" cavalcade for the latest version, which volition offset the download.

Once the software is downloaded, the bachelor cavalcade volition show "Downloaded", and the activeness column will bear witness "Install" as show below. Click on install, which will starting time installing the latest version. Installing the latest version will have a small reanimation, equally the device volition reboot later installing. Perform the upgrade simply during a scheduled maintenance window.

Console – Verify New Version of PANOS

After the reboot, login to the PaloAlto panel, and under Dashboard, in the General Information section, you lot'll now see the current version of the PANOS as shown below.

fosterghte1984.blogspot.com

Source: https://www.thegeekstuff.com/2020/06/paloalto-panos-upgrade/

Share this post