: Install the SD-WAN Plugin
Focus
Focus

Install the SD-WAN Plugin

Table of Contents

Install the SD-WAN Plugin

Install the SD-WAN plugin version.
Install the SD-WAN plugin version on your Panorama™ management server.
See the Palo Alto Networks Panorama Plugin Compatibility Matrix and review the minimum PAN-OS version required for your target SD-WAN plugin version.
  1. Install the SD-WAN plugin version on Panorama.
    For Panorama in a high availability (HA) configuration, repeat this step on the Panorama HA peer.
    1. Select PanoramaPlugins and Check Now for the latest sd_wan plugin version.
    2. Download and Install the latest version of the SD-WAN plugin.
    3. After the new plugin version successfully installs, view the Panorama Dashboard and in the General Information widget verify that the SD-WAN plugin displays the SD-WAN plugin version you have installed.
  2. (Existing deployments only) Clear the SD-WAN cache on Panorama.
    This step is required for existing SD-WAN deployments that you upgrade the SD-WAN plugin to any of the following SD-WAN plugin versions.
    • SD-WAN plugin 1.0.4 and later 1.0 versions
    • All SD-WAN plugin 2.0 versions
    • All SD-WAN plugin 2.1 versions
    For new SD-WAN deployments, you do not need to clear the SD-WAN cache on Panorama if you install the Panorama plugin for SD-WAN version 2.1 on Panorama after you upgrade to PAN-OS 10.1.
    After successful upgrade of the SD-WAN plugin, you must clear the SD-WAN cache on Panorama for existing SD-WAN deployments only. This is required for Panorama to utilize the updated naming convention for IKE gateways and IPSec tunnels.
    Clearing the SD-WAN cache does not delete any existing SD-WAN configuration but modifies the IP address, tunnel, and gateway naming conventions for the new format introduced in Panorama plugin for SD-WAN version 2.1.
    1. Clear the SD-WAN cache on Panorama.
      admin> debug plugins sd_wan drop-config-cache all
    2. Select CommitCommit to Panorama.
    3. Select CommitPush to DevicesEdit Selection and verify that all hub and branch firewalls are included in the Push Scope.
      Before you commit and push, verify that all hub and branch firewalls are online and included in the Push Scope. If any of the branches or hubs are offline or not selected and pushed for commit, there could be connectivity issues between the hub and branch.
    4. Push to your hub and branch firewalls.