Install a PAN-OS Software Patch
Table of Contents
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.1
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Install a PAN-OS Software Patch
Install critical bug and Common Vulnerability and Exposure (CVE) fixes for your
managed NExt-Gen firewalls and Dedicated Log Collectors from your Panorama™ management
server.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Review the PAN-OS 11.1 Release Notes and then use the
following procedure to install a PAN-OS software patch to address bugs and Common
Vulnerability and Exposures (CVE) in the PAN-OS release currently running on your
managed devices from your Panorama™ management server. Installing a PAN-OS software
patch applies fixes to bugs and CVEs without the need to schedule a prolonged
maintenance and allows you to strengthen your security posture immediately without
introducing any new known issues or changes to default behaviors that may come with
installing a new PAN-OS release. Additionally, you can revert the currently
installed software patch to uninstall the bug and CVE fixes applied when you
installed the software patch.
A system log is generated (MonitorLogsSystem) when a PAN-OS software patch is installed or reverted. An outbound
internet connection is required to download the PAN-OS software patch from the Palo
Alto Networks Customer Support Portal. For air-gapped managed devices, Panorama must
still have internet access to download the PAN-OS software patch, but an outbound
internet connection is not required to install and apply them to the managed
devices.