Changes to Default Behavior in Prisma SD-WAN ION Device Release 5.2.1
Focus
Focus

Changes to Default Behavior in Prisma SD-WAN ION Device Release 5.2.1

Table of Contents

Changes to Default Behavior in Prisma SD-WAN ION Device Release 5.2.1

Learn more about the changes to default behavior in Prisma SD-WAN ION device release 5.2.1.
Keep the following upgrade and downgrade considerations in mind when upgrading or downgrading your devices to and from Release 5.2.1.
  • If you are on a 4.x release, to upgrade to Release 5.2.1, you must first upgrade to Release 5.0.1 or Release 5.0.3.
  • To rollback or downgrade to Release 4.x, you must downgrade first to Release 5.0.3 or Release 5.0.1.
Note the following upgrade considerations per feature.

Network Address Translation (NAT)

Before you upgrade to Release 5.2.1:
  • If you have configured NAT through the Advanced User Interface (UI), then you must disable these rules in the Advanced UI, per ION device, before you attempt to upgrade to Release 5.2.1. Note that you do not need to delete previously-configured NAT rules, as they can be used if ever there is a need to downgrade and invoke previous NAT behavior. Migrate the Advanced UI-based configuration to a NAT policy before beginning the upgrade.
  • If you are currently using Network Policies (Original), you must migrate first to Stacked Policies before you can configure NAT policies.

Routing

Before upgrading to Release 5.2.1, consider the following:
  • For BGP peers configured on PPPoE interfaces, ensure that the update-source field is configured on the BGP peer. Also, ensure that the IP address is updated on the PPPoE interface, and then perform the upgrade. This is mandatory for PPPoE and multi-hop BGP peers.
  • If a branch site has two ION devices assigned to it, make sure a branch HA group has been properly configured before attempting to configure LAN-side routing.
  • Do not configure prefixes at the branch-site level when L3 Direct Private WAN and L3 LAN Forwarding is enabled.
  • Use Route Maps to block the default route from the LAN peer. If this is not done, the default route will be advertised to other sites. This can pollute the network and can bring down network connectivity.
Note the following downgrade considerations:
  • If the default NAT policy was modified before downgrading, you must convert those NAT policy rules to the Advanced UI-based NAT configuration. If you had previous Advanced UI-based NAT configuration and it was disabled to allow the upgrade to proceed, simply just re-enable those rules after the downgrade.
  • Before you downgrade from Release 5.2.1 to a lower release, check if a second controller port or any virtual interfaces are configured on the ION device. If a second controller port is configured on an ION device for purposes of controller-connectivity redundancy, then you must set Admin to Down before you attempt to downgrade from this release.
  • If virtual interfaces are configured on the ION device, then you must delete the virtual interfaces before you attempt to downgrade from this release.
  • If the Data Center ION device feature was enabled before downgrading from Release 5.2.1 to a lower release, make sure to disable this option.