: Install a PAN-OS Software Patch
Focus
Focus

Install a PAN-OS Software Patch

Table of Contents

Install a PAN-OS Software Patch

Install critical bug and Common Vulnerability and Exposure (CVE) fixes for Next-Gen firewalls.
Where Can I Use This?
What Do I Need?
  • Next-Gen Firewall
  • Support license
  • PAN-OS 10.2.8 or later 10.2 release
  • Outbound intenet access
Review the PAN-OS 10.2 Release Notes and then use the following procedure to install a PAN-OS software patch to address bugs and Common Vulnerability and Exposures (CVE) in the PAN-OS release currently running on your Next-Gen firewall. Installing a PAN-OS software patch applies fixes to bugs and CVEs without the need to schedule a prolonged maintenance and allows you to strengthen your security posture immediately without introducing any new known issues or changes to default behaviors that may come with installing a new PAN-OS release. Additionally, you can revert the currently installed software patch to uninstall the bug and CVE fixes applied when you installed the software patch.
A system log is generated (
Monitor
Logs
System
) when a PAN-OS software patch is installed or reverted. An outbound internet connection is required to download the PAN-OS software patch from the Palo Alto Networks Customer Support Portal.

Install

Install critical bug and Common Vulnerability and Exposure (CVE) fixes when your Next-Gen firewalls has outbound internet access.
  1. Select
    Device
    Software
    and
    Check Now
    to retrieve the latest PAN-OS software patches from the Palo Alto Networks Update Server.
  2. Check (enable)
    Include Patch
    to display all available PAN-OS software patches.
  3. Locate the software patch for the PAN-OS release currently installed on your Next-Gen firewall.
    A software patch is denoted by a
    Patch
    label displayed alongside the
    Version
    name.
  4. View
    More Info
    to review the software patch details such as the critical bug and CVE fixes and whether the Next-Gen firewall needs to be restarted for the fixes to be applied.
  5. Download
    the software patch.
    (
    HA only
    ) Check (enable) Sync to HA Peer and
    Continue Download
    to download the PAN-OS software patch.
    Click
    Close
    after the software patch successfully downloaded.
  6. Install
    the software patch.
    After the software patch has successfully installed, click
    Close
    .
  7. Apply
    the software patch.
    Click
    Apply
    when prompted to confirm you want to apply the installed PAN-OS software patch to the Next-Gen firewall.
    A status bar is displayed showing the current progress of the PAN-OS software patch application. Click
    Close
    after the patch is successfully applied.
    At this point, the firewall automatically reboots if a reboot is required to complete applying the PAN-OS software patch to the Next-Gen firewall.
  8. (
    HA only
    ) Install the PAN-OS software patch on the firewall HA peer.
    1. Select
      Device
      Software
      Check Now
      .
    2. Install
      the software patch.
    3. Reboot the firewall if required.

Revert

Revert the critical bug and Common Vulnerability and Exposure (CVE) fixes applied by installing the PAN-OS software patch on your Next-Gen firewall.
  1. Select
    Device
    Software
    and locate the PAN-OS software patch you want to revert.
  2. Revert
    the software patch.
    Click
    Revert
    when prompted to confirm you want to revert the installed PAN-OS software patch on the Next-Gen firewall.
    A status bar is displayed showing the current progress of the PAN-OS software patch application. Click
    Close
    after the patch is successfully applied.
    At this point, the firewall automatically reboots if a reboot is required to complete applying the PAN-OS software patch to the Next-Gen firewall.

Recommended For You