Upgrade/Downgrade Considerations
Table of Contents
Expand all | Collapse all
-
-
-
-
-
- Features Introduced in Enterprise Data Loss Prevention 4.0.3
- Known Issues in Enterprise DLP Plugin 4.0.3
- Features Introduced in Enterprise Data Loss Prevention 4.0.2
- Known Issues in Enterprise DLP Plugin 4.0.2
- Features Introduced in Enterprise Data Loss Prevention 4.0.1
- Known Issues in Enterprise DLP Plugin 4.0.1
- Features Introduced in Enterprise Data Loss Prevention 4.0.0
- Known Issues in Enterprise DLP Plugin 4.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 3.0.8
- Features Introduced in Enterprise Data Loss Prevention 3.0.7
- Features Introduced in Enterprise Data Loss Prevention 3.0.6
- Features Introduced in Enterprise Data Loss Prevention 3.0.5
- Features Introduced in Enterprise Data Loss Prevention 3.0.4
- Features Introduced in Enterprise Data Loss Prevention 3.0.3
- Features Introduced in Enterprise Data Loss Prevention 3.0.2
- Features Introduced in Enterprise Data Loss Prevention 3.0.1
- Features Introduced in Enterprise Data Loss Prevention 3.0.0
- Known Issues in Enterprise Data Loss Prevention 3.0.8
- Known Issues in Enterprise Data Loss Prevention 3.0.7
- Known Issues in Enterprise Data Loss Prevention 3.0.6
- Known Issues in Enterprise Data Loss Prevention 3.0.5
- Known Issues in Enterprise Data Loss Prevention 3.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.0
-
- Features Introduced in Enterprise Data Loss Prevention 1.0.8
- Features Introduced in Enterprise Data Loss Prevention 1.0.3
- Features Introduced in Enterprise Data Loss Prevention 1.0.1
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.8
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.7
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.6
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.4
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.3
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.2
- Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 1.0.1
- Features Introduced in the Enterprise Data Loss Prevention (DLP) Cloud Service
- Limitations
-
-
Upgrade/Downgrade Considerations
Upgrade/downgrade considerations for SD-WAN Plugin releases.
The following tables list the features that have upgrade or downgrade impact. Make
sure you understand all upgrade and downgrade considerations before you upgrade to or
downgrade from an SD-WAN plugin release. For additional information about the SD-WAN
plugin releases, refer to the PAN-OS Release Notes.
Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
PAN-233120 | None | When you attempt to downgrade from Panorama 11.1.0 to Panorama
10.1.11 directly, the SD-WAN plugin version does not get downgraded
to the compatible version automatically. Due to this, the Panorama
will throw a commit failure. Workaround : To downgrade from Panorama 11.1.0 to Panorama
10.1.11:
|
SD-WAN IKEv2 Certificate-based Authentication Support | The existing devices in the SD-WAN configuration will continue to use
the pre-shared key (PSK) and would not automatically change to
certificate-based authentication. If you want to change the
authentication type to certificate , follow
these steps:
|
|
Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
— | You cannot upgrade directly to SD-WAN plugin 3.1.2 from any plugin
version earlier than 3.1.1. If you are running SD-WAN plugin 3.1.0
or an earlier plugin version on your firewall, you must upgrade to
SD-WAN plugin 3.1.1 before you upgrade to SD-WAN plugin 3.1.2. | None |
DDNS/Dynamic IP addressing using FQDN | When upgrading to SD-WAN plugin 3.1.1, SD-WAN branches configured
with dynamic IP addressing using FQDN didn't work. Instead, upgrade
to SD-WAN plugin 3.1.2. You must first Commit on Panorama and then
Push to devices. | None |
Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
— | After you upgrade to SD-WAN plugin release 2.2.6, you won't be able
to change the existing VPN cluster name. | None. |
PLUG-11223 | ( HA deployments only ) When you upgrade from an earlier
SD-WAN plugin release to 2.2.5 followed by
Commit and Commit
All , the key ID will change if it was generated
using the firewall that has a higher serial number. | None. |
— | For a Panorama virtual appliance, you must increase the memory allocated
to the Panorama management server to 64GB. This is required to avoid
commit failures on successful upgrade to SD-WAN Plugin 2.2. | None. |
— | Review the minimum supported PAN-OS versions before
upgrading your firewalls leveraging SD-WAN. Panorama plugin
for SD-WAN 2.2 supports the following minimum PAN-OS versions for managed
firewalls.
| None. |
Prisma Access Hub Support | — | To downgrade the SD-WAN Plugin from 2.2.0
to 2.1.0:
|
SD-WAN Devices | For SD-WAN devices ( Panorama SD-WAN Devices On upgrade to SD-WAN plugin 2.2,
commits on Panorama fail if two SD-WAN devices have the same Site
name. | None. |
Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
— | To upgrade from SD-WAN Plugin 2.0.2 or earlier 2.0 versions to 2.1.0, complete the following
steps during a maintenance timeframe:
| None |
Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
— | To upgrade from SD-WAN Plugin 2.0.x to 2.0.3, complete
the following steps during a maintenance timeframe:
| None |
— | Downgrading the Panorama management server
and managed firewalls that currently leverage features that were introduced
in PAN-OS 10.0.3 (or later version) or SD-WAN plugin 2.0.1 (or later
version) can cause stability issues if you downgrade from the following
versions:
Workaround : Before you upgrade to
PAN-OS 10.0.3 or SD-WAN plugin 2.0.1, save and export your Panorama
and firewall configurations. Then, if you need to downgrade
PAN-OS or the SD-WAN plugin to a previous version:
If
you did not export and save a Panorama and managed firewall configuration
prior to upgrading to PAN-OS 10.0.3 or SD-WAN plugin 2.0.1, then—
before you can successfully downgrade to PAN-OS 10.0.2 (or an earlier version)
or SD-WAN plugin 2.0.0—you must remove any feature options or configurations that
were introduced in PAN-OS 10.0.3 or in SD-WAN plugin 2.0.1. | |
Remove Private AS | None | If you change the Remove Private
AS setting, commit to all SD-WAN cluster nodes, and subsequently
downgrade to an SD-WAN Plugin version earlier than 2.0.2, then all
configuration related to Remove Private AS must
be done outside of the SD-WAN plugin or directly on the firewalls. |
Full Mesh and DDNS | None | If you downgrade from SD-WAN Plugin 2.0.1
to an earlier plugin version, the VPN Cluster will not support a
mesh configuration or a DDNS configuration. If you had configured
a VPN mesh configuration, then you must move the cluster to a Hub-Spoke configuration,
configure a hub if you didn't have one, Remove DDNS Configuration ,
commit on Panorama, and then push the configuration to your firewalls. If
you cannot change the VPN cluster to a Hub-Spoke configuration,
then you must delete the entire cluster, commit on Panorama, and
then push the configuration to your firewalls before you downgrade. |