1. Home
    2. PAN-OS
    3. PAN-OS Upgrade Guide
    4. Upgrade Panorama
    5. Deploy Upgrades to Firewalls, Log Collectors, and WildFire Appliances Using Panorama
    6. Upgrade a ZTP Firewall

    Upgrade a ZTP Firewall

    Automatically upgrade your a ZTP firewall.
    After you successfully add a ZTP firewall to the Panorama™ management server, configure the target PAN-OS version of the ZTP firewall. Panorama checks whether PAN-OS version installed on the ZTP firewall is greater than or equal to the configured target PAN-OS version after it successfully connects to Panorama for the first time. If the PAN-OS version installed on the ZTP firewall is less than the target PAN-OS version, then the ZTP firewall enters an upgrade cycle until target PAN-OS version is installed.
    3. Select
      Panorama
      Device Deployment
      Updates
       and
      Check Now
       for the latest PAN-OS releases.
    4. Select
      Panorama
      Managed Devices
      Summary
       and select one or more ZTP firewalls.
    5. Reassociate
       the selected ZTP firewall(s).
    6. Check (enable)
      Auto Push on 1st Connect
      .
    7. In the
      To SW Version
       column, select the target PAN-OS version for the ZTP firewall.
    8. Click
      OK
       to save your configuration changes.
    9. Select
      Commit
       and
      Commit to Panorama
      .
    10. Power on the ZTP firewall.
      When the ZTP firewall connects to Panorama for the first time, it automatically upgrades to the PAN-OS version you selected.
      • Panorama running PAN-OS 11.0.0
        —If you are upgrading managed firewalls across PAN-OS major or maintenance releases, the intermediary PAN-OS releases on your upgrade path are installed first before the target PAN-OS release is installed.
        For example, you configured the target
        To SW Version
         for the managed firewall as PAN-OS 11.0.0 and the firewall is running PAN-OS 10.1. On first connection to Panorama, PAN-OS 10.2.0 is installed on the managed firewall first. After PAN-OS 10.2.0 successfully installs, the firewall is automatically upgraded to the target PAN-OS 11.0.0 release.
      • Panorama running PAN-OS 11.0.1 and later releases
        —If you are upgrading managed firewalls across PAN-OS major or maintenance releases, the intermediary PAN-OS major releases on your upgrade path are installed and the base PAN-OS major release is downloaded before the target PAN-OS maintenance release is installed.
        For example, you configured the target
        To SW Version
         for the managed firewall as PAN-OS 11.0.1 and the firewall is running PAN-OS 10.0. On first connection to Panorama, PAN-OS 10.1.0 and PAN-OS 10.2.0 are installed on the managed firewall. After the managed firewall reboots, PAN-OS 11.0.0 is downloaded and then the firewall automatically installs to the target PAN-OS 11.0.1 release.
    11. Verify the ZTP firewall software upgrade.
      2. Select
        Panorama
        Managed Devices
        Summary
         and navigate to the ZTP firewall(s).
      3. Verify the
        Software Version
         column displays the correct target PAN-OS release.
    12. For all future PAN-OS upgrades, see Upgrade the Firewall to PAN-OS 11.0 from Panorama.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo