Upgrade the VM-Series for NSX Without Disrupting Traffic
Use the following procedure to upgrade the PAN-OS version of the VM-Series firewalls in your VMware NSX environment. This procedure allows you to perform the PAN-OS upgrade without disrupting traffic by migrating VMs to different ESXi hosts.
- Review the VM-Series for VMware NSX upgrade paths.
- Save a backup of the current configuration file on each managed firewall that you plan to upgrade. Although the firewall will automatically create a backup of the configuration, it is a best practice to create a backup prior to upgrade and store it externally.
  - Select Device > Setup > Operations and click Export Panorama and devices config bundle. This option is used to manually generate and export the latest version of the configuration backup of Panorama and of each managed device.
  - Save the exported file to a location external to the firewall. You can use this backup to restore the configuration if you have problems with the upgrade.
- Check the Release Notes to verify the Content Release version required for the PAN-OS version. The firewalls you plan to upgrade must be running the Content Release version required for the PAN-OS version.
  - Select Panorama > Device Deployment > Dynamic Updates.
  - Check for the latest updates. Click Check Now (located in the lower left-hand corner of the window) to check for the latest updates. The link in the Action column indicates whether an update is available. If a version is available, the Download link displays.
  - Click Download to download a selected version. After successful download, the link in the Action column changes from Download to Install.
  - Click Install and select the devices on which you want to install the update. When the installation completes, a check mark displays in the Currently Installed column.
- Download the PAN-OS image to all VM-Series firewalls in the cluster.
  - Log in to Panorama.
  - Select Panorama > Device Deployment > Software.
  - Click Refresh to view the latest software release, and review the Release Notes for a description of the changes in a release and the migration path to install the software.
  - Click Download to retrieve the software, then click Install. Do not reboot the VM-Series firewalls after installing the new software image.
  - Select the managed devices to be upgraded.
  - Clear the Reboot device after install check box.
- Upgrade the VM-Series firewall on the first ESXi host in the cluster.
  - Log in to vCenter.
  - Select Hosts and Clusters.
  - Right-click the host and select Maintenance Mode > Enter Maintenance Mode.
  - Migrate (automatically or manually) all VMs, except the VM-Series firewall, off of the host.
  - Power off the VM-Series firewall. This should happen automatically upon entering maintenance mode on the host.
  - (Optional) Assign additional CPUs or memory to the VM-Series firewall before continuing with the upgrade process.
  - Right-click the host and select Maintenance Mode > Exit Maintenance Mode. Exiting maintenance mode causes the NSX ESX Agent Manager (EAM) to power on the VM-Series firewall. The firewall reboots with the new PAN-OS version.
  - Migrate (automatically or manually) all VMs back to the original host.
- Repeat this process for each VM-Series firewall on each ESXi host.
- Verify the software and Content Release version running on each managed device.
  - Select Panorama > Managed Devices.
  - Locate the device(s) and review the content and software versions on the table.