Upgrade the VM-Series for NSX Without Disrupting Traffic
Use the following procedure to upgrade the PAN-OS version of the VM-Series firewalls in your VMware NSX environment. This procedure allows you to perform the PAN-OS upgrade without disrupting traffic by migrating VMs to different ESXi hosts.
- Save a backup of the current configuration file on each managed firewall that you plan to upgrade.
  Although the firewall will automatically create a backup of the configuration, it is a best practice to create a backup prior to upgrade and store it externally.
  - Select Device > Setup > Operations and click Export Panorama and devices config bundle. This option is used to manually generate and export the latest version of the configuration backup of Panorama and of each managed device.
  - Save the exported file to a location external to the firewall. You can use this backup to restore the configuration if you have problems with the upgrade.
- Check the Release Notes to verify the Content Release version required for the PAN-OS version.
  The firewalls you plan to upgrade must be running the Content Release version required for the PAN-OS version.
  - Select Panorama > Device Deployment > Dynamic Updates.
  - Check for the latest updates. Click Check Now (located in the lower left-hand corner of the window) to check for the latest updates. The link in the Action column indicates whether an update is available. If a version is available, the Download link displays.
  - Click Download to download a selected version. After successful download, the link in the Action column changes from Download to Install.
  - Click Install and select the devices on which you want to install the update. When the installation completes, a check mark displays in the Currently Installed column.
- Download the PAN-OS image to all VM-Series firewalls in the cluster.
  - Log in to Panorama.
  - Select Panorama > Device Deployment > Software.
  - Click Refresh to view the latest software release and also review the Release Notes to view a description of the changes in a release and to view the migration path to install the software.
  - Click Download to retrieve the software, then click Install.
    Do not reboot the VM-Series firewalls after installing the new software image.
  - Select the managed devices to be upgraded.
  - Clear the Reboot device after install check box.
  - Click OK.
- Upgrade the VM-Series firewall on the first ESXi host in the cluster.
  - Log in to vCenter.
  - Select Hosts and Clusters.
  - Right-click the host and select Maintenance Mode > Enter Maintenance Mode.
  - Migrate (automatically or manually) all VMs, except the VM-Series firewall, off of the host.
  - Power off the VM-Series firewall. This should happen automatically upon entering maintenance mode on the host.
  - (Optional) Assign additional CPUs or memory to the VM-Series firewall before continuing with the upgrade process.
    Verify that enough hardware resources are available to the VM-Series firewall. Refer to the VM-Series System Requirements to see the new resource requirements for each VM-Series model.
  - Right-click the host and select Maintenance Mode > Exit Maintenance Mode. Exiting maintenance mode causes the NSX ESX Agent Manager (EAM) to power on the VM-Series firewall. The firewall reboots with the new PAN-OS version.
  - Migrate (automatically or manually) all VMs back to the original host.
- Repeat this process for each VM-Series firewall on each ESXi host.
- Verify the software and Content Release version running on each managed device.
  - Select Panorama > Managed Devices.
  - Locate the device(s) and review the content and software versions on the table.
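The final verification step can also be scripted. The following is an added example, not part of the original page or Palo Alto Networks code: it parses an XML reply shaped like Panorama's `show devices connected` operational output and reports firewalls that have not yet rebooted into the target PAN-OS version or that run a Content Release below the required one. The element names, hostnames, serials and version numbers are constructed assumptions; compare them with your own Panorama output before relying on the check.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumption about Panorama's reply.
SAMPLE_RESPONSE = """\
<response status="success"><result><devices>
  <entry name="007000000001"><hostname>vm-nsx-esx01</hostname>
    <sw-version>8.0.5</sw-version><app-version>769-4439</app-version></entry>
  <entry name="007000000002"><hostname>vm-nsx-esx02</hostname>
    <sw-version>7.1.10</sw-version><app-version>769-4439</app-version></entry>
  <entry name="007000000003"><hostname>vm-nsx-esx03</hostname>
    <sw-version>8.0.5</sw-version><app-version>655-3768</app-version></entry>
</devices></result></response>
"""

def content_key(version):
    """Turn a Content Release string such as '769-4439' into a sortable tuple."""
    return tuple(int(part) for part in version.split("-"))

def audit_devices(xml_text, target_sw, min_content):
    """Return {hostname: [problems]} for devices that fail either check."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("Panorama returned a non-success response")
    findings = {}
    for entry in root.findall("./result/devices/entry"):
        host = entry.findtext("hostname") or entry.get("name")
        sw = entry.findtext("sw-version", default="")
        content = entry.findtext("app-version", default="")
        problems = []
        # Old release still running: image installed, host cycle not done yet.
        if sw != target_sw:
            problems.append(f"PAN-OS {sw or 'unknown'}, expected {target_sw}")
        try:
            if content_key(content) < content_key(min_content):
                problems.append(f"content {content} below {min_content}")
        except ValueError:
            problems.append(f"unparseable content version {content!r}")
        if problems:
            findings[host] = problems
    return findings

if __name__ == "__main__":
    # Target and minimum versions here are placeholders, not requirements.
    report = audit_devices(SAMPLE_RESPONSE, "8.0.5", "700-4000")
    for host, problems in report.items():
        print(f"{host}: {'; '.join(problems)}")
```

A firewall listed with the old PAN-OS version after its host has left maintenance mode has the image installed but did not reboot into it.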