Upgrade a Standalone Firewall to PAN-OS 8.1
Review the PAN-OS 8.1 Release Notes and then use the following procedure to upgrade a firewall that is not in an HA configuration to PAN-OS 8.1.
If your firewalls are configured to forward samples to a WF-500 appliance for analysis, you must upgrade the WildFire appliance to PAN-OS 8.1 before upgrading the forwarding firewalls.
To avoid impacting traffic, plan to upgrade within the outage window. Ensure the firewall is connected to a reliable power source. A loss of power during an upgrade can make the firewall unusable.
- Save a backup of the current configuration file.Although the firewall automatically creates a configuration backup, it is a best practice to create and externally store a backup before you upgrade.
- Selectand clickDeviceSetupOperationsExport named configuration snapshot.
- Select the XML file that contains your running configuration (for example,running-config.xml) and clickOKto export the configuration file.
- Save the exported file to a location external to the firewall. You can use this backup to restore the configuration if you have problems with the upgrade.
- If you have enabled User-ID, after you upgrade, the firewall clears the current IP address-to-username and group mappings so that they can be repopulated with the attributes from the User-ID sources. To estimate the time required for your environment to repopulate the mappings, run the following CLI commands on the firewall.
- For IP address-to-username mappings:
- show user user-id-agent state all
- show user server-monitor state all
- For group mappings:show user group-mapping statistics
- Ensure that the firewall is running the latest content release version.
- Selectand check whichDeviceDynamic UpdatesApplicationsorApplications and Threatsto determine which update is Currently Installed.
- If the firewall is not running the minimum required content release version or a later version required for PAN-OS 8.1,Check Nowto retrieve a list of available updates.
- Locate andDownloadthe desired content release version.After you successfully download a content update file, the link in the Action column changes fromDownloadtoInstallfor that content release version.
- Installthe update.
- You cannot skip installation of any feature release versions in the path from the currently running PAN-OS version to PAN-OS 8.1.0.
- Upgrade to PAN-OS 8.1.
- Selectand clickDeviceSoftwareCheck Nowto display the latest PAN-OS updates.
- Locate andDownloadPAN-OS 8.1.0.
- After you download the image (or, for a manual upgrade, after you upload the image),Installthe image.
- After the installation completes successfully, reboot using one of the following methods:
At this point, the firewall clears the User-ID mappings, then connects to the User-ID sources to repopulate the mappings.
- If you are prompted to reboot, clickYes.
- If you are not prompted to reboot, selectand clickDeviceSetupOperationsReboot Device.
- If you have enabled User-ID, use the following CLI commands to verify that the firewall has repopulated the IP address-to-username and group mappings before allowing traffic.
- show user ip-user-mapping all
- show user group list
- Verify that the firewall is passing traffic.Selectand verify that you are seeing new sessions.MonitorSession Browser
Recommended For You
Recommended videos not found.