End-of-Life (EoL)

Prisma Cloud’s backward compatibility and upgrade process

Prisma Cloud console is backward compatible up to two major releases back (including all minor versions) with the following:
  • All types of Defenders.
  • Twistcli/Jenkins plugin.
When projects are used, the exact same version is required for master Console and tenant Consoles.

Upgrade and notifications

You can upgrade Prisma Cloud without losing any of your data or configurations. First, upgrade Console Then, upgrade any of the Defenders that have reached end of their support lifecycle.
You can upgrade from up to two release back
to the current major version.
Console notifies you when new versions of Prisma Cloud are available. Notifications are displayed in the top right corner of the dashboard.
When you upgrade Console, the old Console container is completely replaced with a new container. Because Prisma Cloud stores state information outside of the container, all your rules and settings are immediately available to the upgraded Prisma Cloud containers.
Prisma Cloud state information is stored in a database in the location specified by DATA_FOLDER, which is defined in twistlock.cfg. By default, the database is located in /var/lib/twistlock.

Overview of the upgrade process

First, upgrade Console. Then, upgrade any of the Defenders that have reached the end of the support lifecycle. Finally, upgrade all other Prisma Cloud components, such as the Jenkins plugin.
The steps in the upgrade process are:
  1. Upgrade Console.
  2. Go to
    Manage > Defenders > Manage
    , filter the the
    column by
    Upgrade Required
    , and upgrade all the listed Defenders.
  3. Validate that all deployed Defenders have been upgraded.
  4. To download the latest version of all other Prisma Cloud Compute components (such as the Jenkins plugin), either go to
    Manage > System > Utilities
    to download the latest versions or retrieve them using the API.

Version numbers of installed components

The currently installed version of Console is displayed in the bell menu.
The versions of your deployed Defenders are listed under
Manage > Defenders > Manage

Upgrading Console when using projects

When you have one or more tenant projects, upgrade all supervisor Consoles before upgrading the Central Console. During the upgrade process, there may be periods where the supervisors appear disconnected. This is normal, because supervisors are disconnected while the upgrade occurs and Central Console will try to reestablish connectivity every 10 minutes. Within 10 minutes of upgrading all supervisors and the Central Console, all supervisors should appear healthy.
Upgrade each Supervisor and then the Central Console using the appropriate procedure: