What are the limitations related to PAN-OS 8.1 releases?
The following are limitations associated with PAN-OS 8.1 releases.
Beginning in PAN-OS 8.1.3, firewalls and appliances perform a software integrity check periodically when they are running and when they reboot. If you simultaneously boot up multiple instances of a VM-Series firewall on a host or you enable CPU over-subscription on a VM-Series firewall, the firewall boots in to maintenance mode when a processing delay results in a response timeout during the integrity check. If your firewall goes in to maintenance mode, please check the error and warnings in the fips.log file.
A reboot always occurs during an upgrade so if you enabled CPU over-subscription on your VM-Series firewall, consider upgrading your firewall during a maintenance window.
If you use the Panorama management server to manage the configuration of an active/active firewall HA pair, you must set the Device ID for each firewall HA peer before upgrading Panorama to PAN-OS 8.1. If you upgrade without setting the Device IDs, which determine which peer will be active-primary, you cannot commit configuration changes to Panorama.
You cannot form an HA pair of Panorama management servers on AWS instances when the management interface on one HA peer is assigned an Elastic Public IP address or when the HA peers are in different Virtual Private Clouds (VPCs).
The firewall blocks an HTTPS session when the hardware security module (HSM) is down and a Decryption policy for inbound inspection uses the default decryption profile for an ECDSA certificate.
Upgrade the PAN-OS Software Version (VM-Series for NSX)
Upgrade the PAN-OS Software Version (VM-Series for NSX) Choose the upgrade method that best suits your deployment. Upgrade the VM-Series for NSX During a Maintenance ...
Upgrade/Downgrade Considerations The following table lists the new features that have upgrade or downgrade impacts. Make sure you understand all potential changes before you upgrade ...
Determine the Upgrade Path to PAN-OS 8.1
Determine the Upgrade Path to PAN-OS 8.1 When you upgrade from one PAN-OS feature release version to a later feature release, you cannot skip the ...
Upgrade the VM-Series Model in an HA Pair
Upgrade the VM-Series Model in an HA Pair Upgrading the VM-Series firewall allows you to increase the capacity on the firewall. Capacity is defined in ...
VM-Series on ESXi System Requirements and Limitations
VM-Series on ESXi System Requirements and Limitations This section lists requirements and limitations for the VM-Series firewall on VMware vSphere Hypervisor (ESXi). To deploy the ...
Upgrade the VM-Series for NSX During a Maintenance Window
Upgrade the VM-Series for NSX During a Maintenance Window For the VM-Series Firewall NSX edition, use Panorama to upgrade the software version on the firewalls. ...
Upgrade an HA Firewall Pair to PAN-OS 8.1
Upgrade an HA Firewall Pair to PAN-OS 8.1 Review the PAN-OS 8.1 Release Notes and then use the following procedure to upgrade a pair of ...