Panorama Plugins Upgrade/Downgrade Considerations
Upgrade/downgrade considerations for Panorama plugins.
The following table lists the new features that have upgrade or downgrade impact. Make sure you understand fall upgrade/downgrade considerations before you upgrade to or downgrade from a PAN-OS 10.2 release. For additional information about PAN-OS 10.2 releases, refer to the PAN-OS 10.2 Release Notes.
Before you upgrade to PAN-OS 10.2, you must download the Panorama plugin version supported on PAN-OS 10.2 for all plugins installed on Panorama. This is required to successfully upgrade to PAN-OS 10.2. See the list of Compatible Plugin Versions for PAN-OS 10.2 for more information.
To downgrade from PAN-OS 10.2, you must download the Panorama plugin version supported on PAN-OS 10.1 and earlier releases for all plugins installed on Panorama. See the Panorama Plugins Compatibility Matrix for more information.
Enterprise DLP) After upgrading Panorama to PAN-OS 10.2, you must install Application and Threats content release version
8520on all managed firewalls running PAN-OS 10.2 or earlier release. This is required to successfully push configuration changes to managed firewalls leveraging Enterprise DLP that you did not upgrade to PAN-OS 10.2.
Enterprise DLP) Loading a Panorama configuration backup that does contain the Shared Enterprise DLP configuration deletes the shared App exclusion filter required to scan non-file based traffic.
SD-WAN) Panorama plugin for SD-WAN 2.2 and earlier releases are not supported in PAN-OS 10.2.
Upgrading a Panorama management server to PAN-OS 10.2 when the Panorama plugin for SD-WAN 2.2 or earlier release is installed causes the SD-WAN plugin to be hidden in the Panorama web interface or causes the SD-WAN configuration to be deleted. In both cases, you are unable to install a new SD-WAN plugin version or uninstall the SD-WAN plugin.
After successful upgrade of Panorama to PAN-OS 10.2 and the Panorama plugin from SD-WAN version 2.0.0 to SD-WAN version 3.0, you must clear the SD-WAN cache on Panorama for existing SD-WAN deployments only.
Clearing the SD-WAN cache does not delete any existing SD-WAN configuration but deletes the IP address, tunnel, and gateway naming conventions for the new format introduced in Panorama plugin for SD-WAN version 3.0.
For new deployments of SD-WAN, you do not need to clear the SD-WAN cache on Panorama if you install the Panorama plugin for SD-WAN version 3.0 on Panorama after you upgrade to PAN-OS 10.2.
When upgrading to PAN-OS 10.2.3 from an earlier PAN-OS 10.2 version, you must first download and install the DLP 3.0.2 plugin.
DLP Plugin 3.0.3) Before you downgrade the Panorama plugin for Enterprise DLP to version 3.0.2 or later release, you must edit the
Max File Size (MB)in the Enterprise DLP data filtering settings to 20MB or less.
Inspection of file larger than 20MB is supported on Enterprise DLP 3.0.3 and later 3.0 releases only.
Recommended For You
Recommended videos not found.