Changes to Default Behavior in Prisma SD-WAN ION Device Release 5.2.1
Learn more about the changes to default behavior in Prisma SD-WAN ION device release 5.2.1.
Keep the following upgrade and downgrade considerations in mind when upgrading or downgrading your devices to and from Release 5.2.1.
- If you are on a 4.x release, to upgrade to Release 5.2.1, you must first upgrade to Release 5.0.1 or Release 5.0.3.
- To roll back or downgrade to Release 4.x, you must downgrade first to Release 5.0.3 or Release 5.0.1.
Note the following upgrade considerations per feature.
Network Address Translation (NAT)
Before you upgrade to Release 5.2.1:
- If you have configured NAT through the Advanced User Interface (UI), then you must disable these rules in the Advanced UI, per ION device, before you attempt to upgrade to Release 5.2.1. Note that you do not need to delete previously-configured NAT rules, as they can be used if ever there is a need to downgrade and invoke previous NAT behavior. Migrate the Advanced UI-based configuration to a NAT policy before beginning the upgrade.
- If you are currently using Network Policies (Original), you must migrate first to Stacked Policies before you can configure NAT policies.
Routing
Before upgrading to Release 5.2.1, consider the following:
- For BGP peers configured on PPPoE interfaces, ensure that the update-source field is configured on the BGP peer. Also, ensure that the IP address is updated on the PPPoE interface, and then perform the upgrade. This is mandatory for PPPoE and multi-hop BGP peers.
- If a branch site has two ION devices assigned to it, make sure a branch HA group has been properly configured before attempting to configure LAN-side routing.
- Do not configure prefixes at the branch-site level when L3 Direct Private WAN and L3 LAN Forwarding are enabled.
- Use Route Maps to block the default route from the LAN peer. If this is not done, the default route will be advertised to other sites. This can pollute the network and can bring down network connectivity.
Note the following downgrade considerations:
- If the default NAT policy was modified before downgrading, you must convert those NAT policy rules to the Advanced UI-based NAT configuration. If you had a previous Advanced UI-based NAT configuration and it was disabled to allow the upgrade to proceed, simply re-enable those rules after the downgrade.
- Before you downgrade from Release 5.2.1 to a lower release, check if a second controller port or any virtual interfaces are configured on the ION device. If a second controller port is configured on an ION device for purposes of controller-connectivity redundancy, then you must set Admin to Down before you attempt to downgrade from this release.
  If virtual interfaces are configured on the ION device, then you must delete the virtual interfaces before you attempt to downgrade from this release.
- If the Data Center ION device feature was enabled before downgrading from Release 5.2.1 to a lower release, make sure to disable this option.