: Install a PAN-OS Software Patch
Focus
Focus

Install a PAN-OS Software Patch

Table of Contents

Install a PAN-OS Software Patch

Install critical bug and Common Vulnerability and Exposure (CVE) fixes for your managed NExt-Gen firewalls and Dedicated Log Collectors from your Panorama™ management server.
Where Can I Use This?
What Do I Need?
  • Panorama-managed Next-Gen firewall
    CN-Series firewalls are not supported
  • Panorama-managed WildFire appliance
  • Device management license
  • Support license
  • PAN-OS 11.1.3 or later 11.1 release
  • Outbound internet access
Review the PAN-OS 11.1 Release Notes and then use the following procedure to install a PAN-OS software patch to address bugs and Common Vulnerability and Exposures (CVE) in the PAN-OS release currently running on your managed devices from your Panorama™ management server. Installing a PAN-OS software patch applies fixes to bugs and CVEs without the need to schedule a prolonged maintenance and allows you to strengthen your security posture immediately without introducing any new known issues or changes to default behaviors that may come with installing a new PAN-OS release. Additionally, you can revert the currently installed software patch to uninstall the bug and CVE fixes applied when you installed the software patch.
A system log is generated (
Monitor
Logs
System
) when a PAN-OS software patch is installed or reverted. An outbound internet connection is required to download the PAN-OS software patch from the Palo Alto Networks Customer Support Portal. For air-gapped managed devices, Panorama must still have internet access to download the PAN-OS software patch, but an outbound internet connection is not required to install and apply them to the managed devices.

Recommended For You