Panorama plugin for AWS 5.4.2 introduces support for an automated firewall
software version compatibility check on Panorama. This feature prevents the
association of a Cloud NGFW resource with a Device Group (DG) if the PAN-OS versions are
incompatible.
Panorama now validates PAN-OS versions before allowing resource-DG association
to prevent management and policy push failures. The plugin blocks associations if the
Cloud NGFW version is more recent than what the Panorama instance can support. If the
firewall’s Pan-OS version is higher than Panorama’s version, the association is blocked
to prevent management errors.
For example, when you associate a Cloud NGFW resource with an incompatible
PAN-OS version, the following alert appears depending on the specific mismatch detected:
