1. Home
    2. PAN-OS
    3. PAN-OS Upgrade Guide
    4. Upgrade Panorama Plugins
    5. Panorama Plugins Upgrade/Downgrade Considerations

    Panorama Plugins Upgrade/Downgrade Considerations

    Upgrade/downgrade considerations for Panorama plugins.
    The following table lists the new features that have upgrade or downgrade impact. Make sure you understand fall upgrade/downgrade considerations before you upgrade to or downgrade from a PAN-OS 10.2 release. For additional information about PAN-OS 10.2 releases, refer to the PAN-OS 10.2 Release Notes.
    Panorama Plugins Upgrade/Downgrade Considerations
    Feature
    Upgrade Considerations
    Downgrade Considerations
    Panorama Plugins
    • AWS Plugin
    • Azure Plugin
    • Kubernetes Plugin
    • Software Firewall Licensing Plugin
    • PAN-OS SD-WAN Plugin
    • IPS Signature Converter Plugin
    • ZTP Plugin
    • Enterprise DLP Plugin
    • Openconfig Plugin
    • GCP Plugin
    • Cisco ACI Plugin
    • Nutanix Plugin
    • VCenter Plugin
    Before you upgrade to PAN-OS 10.2, you must download the Panorama plugin version supported on PAN-OS 10.2 for all plugins installed on Panorama. This is required to successfully upgrade to PAN-OS 10.2. See the list of Compatible Plugin Versions for PAN-OS 10.2 for more information.
    To downgrade from PAN-OS 10.2, you must download the Panorama plugin version supported on PAN-OS 10.1 and earlier releases for all plugins installed on Panorama. See the Panorama Plugins Compatibility Matrix for more information.
    (
    Enterprise DLP
    ) After upgrading Panorama to PAN-OS 10.2, you must install Application and Threats content release version
    8520
     on all managed firewalls running PAN-OS 10.2 or earlier release. This is required to successfully push configuration changes to managed firewalls leveraging Enterprise DLP that you did not upgrade to PAN-OS 10.2.
    (
    Enterprise DLP
    ) Loading a Panorama configuration backup that does contain the Shared Enterprise DLP configuration deletes the shared App exclusion filter required to scan non-file based traffic.
    (
    SD-WAN
    ) Panorama plugin for SD-WAN 2.2 and earlier releases are not supported in PAN-OS 10.2.
    Upgrading a Panorama management server to PAN-OS 10.2 when the Panorama plugin for SD-WAN 2.2 or earlier release is installed causes the SD-WAN plugin to be hidden in the Panorama web interface or causes the SD-WAN configuration to be deleted. In both cases, you are unable to install a new SD-WAN plugin version or uninstall the SD-WAN plugin.
    PAN-OS SD-WAN
    After successful upgrade of Panorama to PAN-OS 10.2 and the Panorama plugin from SD-WAN version 2.0.0 to SD-WAN version 3.0, you must clear the SD-WAN cache on Panorama for existing SD-WAN deployments only.
    Clearing the SD-WAN cache does not delete any existing SD-WAN configuration but deletes the IP address, tunnel, and gateway naming conventions for the new format introduced in Panorama plugin for SD-WAN version 3.0.
    For new deployments of SD-WAN, you do not need to clear the SD-WAN cache on Panorama if you install the Panorama plugin for SD-WAN version 3.0 on Panorama after you upgrade to PAN-OS 10.2.
    2. Clear the SD-WAN cache on Panorama.
      admin>
       debug plugins sd_wan drop-config-cache all
    None.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo