Panorama Plugins Upgrade/Downgrade Considerations
Table of Contents
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.0
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Panorama Plugins Upgrade/Downgrade Considerations
Upgrade/downgrade considerations for Panorama plugins.
The following table lists the new features that have
upgrade or downgrade impact. Make sure you understand fall upgrade/downgrade
considerations before you upgrade to or downgrade from a PAN-OS
11.0 release. For additional information about PAN-OS 11.0 releases,
refer to the PAN-OS 11.0 Release Notes.
Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
Panorama Plugins
| Before you upgrade to PAN-OS 11.0, you must download
the Panorama plugin version supported on PAN-OS 11.0 for all plugins
installed on Panorama. This is required to successfully upgrade
to PAN-OS 11.0. See the Compatibility Matrixfor
more information. | To downgrade from PAN-OS
11.0, you must download the Panorama plugin version supported on
PAN-OS 10.2 and earlier releases for all plugins installed on Panorama. See
the Panorama Plugins Compatibility
Matrix for more information. |
( Enterprise DLP ) After upgrading Panorama
to PAN-OS 10.2, you must install Application and Threats content
release version 8520 on all managed firewalls
running PAN-OS 11.0 or earlier release. This is required to successfully
push configuration changes to managed firewalls leveraging Enterprise
DLP that you did not upgrade to PAN-OS 10.2. | ||
( Enterprise DLP ) Loading a Panorama configuration
backup that does contain the Shared Enterprise DLP configuration
deletes the shared App exclusion filter required to scan non-file
based traffic. | ||
( SD-WAN ) Panorama plugin for SD-WAN
2.2 and earlier releases are not supported in PAN-OS 11.0.Upgrading
a Panorama management server to PAN-OS 11.0 when the Panorama plugin for
SD-WAN 2.2 or earlier release is installed causes the SD-WAN plugin
to be hidden in the Panorama web interface or causes the SD-WAN
configuration to be deleted. In both cases, you are unable to install
a new SD-WAN plugin version or uninstall the SD-WAN plugin. | ||
SD-WAN | After successful upgrade of Panorama to
PAN-OS 11.0 and the Panorama plugin from SD-WAN version 2.0.0 to SD-WAN
version 3.0, you must clear the SD-WAN cache on Panorama for existing
SD-WAN deployments only. Clearing the SD-WAN cache does not
delete any existing SD-WAN configuration but deletes the IP address, tunnel,
and gateway naming conventions for the new format introduced in
Panorama plugin for SD-WAN version 3.0. For new deployments
of SD-WAN, you do not need to clear the SD-WAN cache on Panorama
if you install the Panorama plugin for SD-WAN version 3.0 on Panorama
after you upgrade to PAN-OS 11.0.
| None. |