Deploy Upgrades to Firewalls, Log Collectors, and WildFire Appliances Using Panorama
Table of Contents
                    
					11.0 (EoL)
						
				
		
  Expand all | Collapse all
  
- 
          
                - 
      
            - Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.0
 
- Troubleshoot Your Panorama Upgrade
- 
      
            - What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
 
 
- 
      
            
                            End-of-Life (EoL)
                        
                    Deploy Upgrades to Firewalls, Log Collectors, and WildFire Appliances Using Panorama
Use Panorama™ to test software and content updates on
a subset of firewalls and Dedicated Log Collectors before you deploy
to all your firewalls and appliances.
    You can use Panorama™ to qualify software and content
updates by deploying them to a subset of firewalls, Dedicated Log
Collectors, or WildFire® appliances and appliance clusters before
installing the updates on the rest of your managed appliances. If
you want to schedule periodic content updates, Panorama requires
a direct internet connection. To deploy software or content updates
on demand (unscheduled), the procedure differs based on whether
Panorama is connected to the internet. Panorama displays a warning
if you manually deploy a content update when a scheduled update
process has started or will start within five minutes.
When deploying updates, Panorama notifies the managed appliances
(firewalls, Log Collectors, and WildFire appliances) that updates
are available and the appliances then retrieve the update packages
from Panorama. By default, managed appliances retrieve updates over
the management (MGT) interface on Panorama. However, if you want
to reduce the traffic load on the MGT interface by using another
interface for appliances to retrieve updates, you can Configure Panorama to Use Multiple
Interfaces.
You can quickly revert a content version for one or more firewalls
to the previously installed content version using Panorama. After
a new content version is installed on the firewall, you can revert
back to the previously installed version if the newly installed
content version destabilizes or otherwise disrupts your network
operations.
By default, you can download up to two software or content
updates of each type to Panorama. When you start any download beyond
that maximum, Panorama deletes the oldest update of the selected
type. To change the maximum, see Manage Panorama Storage for Software
and Content Updates.
- What Updates Can Panorama Push to Other Devices?
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Schedule a Content Update Using Panorama
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade a ZTP Firewall
