Install a PAN-OS Software Patch
Table of Contents
PAN.OS 10.2
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Install a PAN-OS Software Patch
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 10.2
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Install a PAN-OS Software Patch
Install critical bug and Common Vulnerability and Exposure (CVE) fixes on your
Panorama™ management server.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Review the PAN-OS 10.2 Release Notes and then use the
following procedure to install a PAN-OS software patch to address bugs and Common
Vulnerability and Exposures (CVE) in the PAN-OS release currently running on your
Panorama™ management server. Installing a PAN-OS software patch applies fixes to
bugs and CVEs without the need to schedule a prolonged maintenance and allows you to
strengthen your security posture immediately without introducing any new known
issues or changes to default behaviors that may come with installing a new PAN-OS
release. Additionally, you can revert the currently installed software patch to
uninstall the bug and CVE fixes applied when you installed the software patch.
A system log is generated (MonitorLogsSystem) when a PAN-OS software patch is installed or reverted. An outbound
internet connection is required to download the PAN-OS software patch from the Palo
Alto Networks Customer Support Portal.
Install
Install critical bug and Common Vulnerability and Exposure (CVE) fixes when your
Panorama™ management server has outbound internet access.
- Select PanoramaSoftware and Check Now to retrieve the latest PAN-OS software patches from the Palo Alto Networks Update Server.
- Check (enable) Include Patch to display all available PAN-OS software patches.
- Locate the software patch for the PAN-OS release currently installed on Panorama.A software patch is denoted by a Patch label displayed alongside the Version name.
- View More Info to review the software patch details such as the critical bug and CVE fixes and whether the Next-Gen firewall needs to be restarted for the fixes to be applied.
- Download the software patch.(HA only) Check (enable) Sync to HA Peer and Continue Download to download the PAN-OS software patch.Click Close after the software patch successfully downloaded.
- Install the software patch.After the software patch has successfully installed, click Close.
- Apply the software patch.Click Apply when prompted to confirm you want to apply the installed PAN-OS software patch to Panorama.A status bar is displayed showing the current progress of the PAN-OS software patch application. Click Close after the patch is successfully applied.At this point, Panorama automatically reboots if a reboot is required to complete applying the PAN-OS software patch to Panorama.
- (HA only) Install the PAN-OS software patch on the Panorama HA peer.
- Log in to the Panorama web interface of the HA peer.
- Select PanoramaSoftware Check Now.
- Install the software patch.
- Reboot Panorama if required.
Revert
Revert the critical bug and Common Vulnerability and Exposure (CVE) fixes applied by
installing the PAN-OS software patch on Panorama™ management server.
- Select PanoramaSoftware and locate the PAN-OS software patch you want to revert.
- Revert the software patch.Click Revert when prompted to confirm you want to revert the installed PAN-OS software patch on Panorama.A status bar is displayed showing the current progress of the PAN-OS software patch application. Click Close after the patch is successfully applied.At this point, the firewall automatically reboots if a reboot is required to complete applying the PAN-OS software patch to Panorama.