Upgrade a Cluster Locally with an Internet Connection

To upgrade a cluster locally, you must individually upgrade each WildFire appliance enrolled in a cluster. When an appliance finishes upgrading, it automatically re-enrolls into the cluster that it was originally assigned to.

Temporarily suspend sample analysis.

Stop firewalls from forwarding any new samples to the WildFire appliance.

Select

Device > Setup > WildFire

and edit

General Settings

Clear the

WildFire Private Cloud

field.

Click

and

Commit

Confirm that analysis for samples the firewalls already submitted to the appliance is complete:

admin@WF-500(passive-controller)> show wildfire latest samples

If you do not want to wait for the WildFire appliance to finish analyzing recently-submitted samples, you can continue to the next step. However, consider that the WildFire appliance then drops pending samples from the analysis queue.

Install the latest WildFire appliance content update.

These updates equip the appliance with the latest threat information to accurately detect malware.

admin@WF-500(passive-controller)> request wf-content upgrade install version latest

Download the PAN-OS 8.0.1 software version to the WildFire appliance.

You cannot skip any major release version when upgrading the WildFire appliance. For example, if you want to upgrade from PAN-OS 6.1 to PAN-OS 7.1, you must first download and install PAN-OS 7.0.

Download the 8.0.1 software version.

admin@WF-500(passive-controller)> request system software download version 8.0.1

To check the status of the download, use the following command

admin@WF-500(passive-controller)> show jobs all

Confirm that all services are running.

admin@WF-500(passive-controller)> show system software status

Install the 8.0.1 software version.

admin@WF-500(passive-controller)> request system software install version 8.0.1

Complete the software upgrade.

Confirm that the upgrade is complete. Run the following command and look for the job type

Install

and status

FIN

admin@WF-500(passive-controller)> show jobs all

Enqueued Dequeued ID Type Status Result Completed
----------------------------------------------------
14:53:15 14:53:15 5 Install FIN    OK   14:53:19

Gracefully restart the appliance:

admin@WF-500(passive-controller)> request cluster reboot-local-node

The upgrade process could take 10 minutes or over an hour, depending on the number of samples stored on the WildFire appliance.

Repeat steps 1-6 for each WildFire worker node in the cluster.

(Optional) View the status of the reboot tasks on the WildFire controller node.

On the WildFire cluster controller, run the following command and look for the job type

Install

and Status

FIN

admin@WF-500(active-controller)> show cluster task pending

Check that the WildFire appliance is ready to resume sample analysis.

Verify that the sw-version field shows 8.0.1:

admin@WF-500(passive-controller)> show system info | match sw-version

Confirm that all processes are running:

admin@WF-500(passive-controller)> show system software status

Confirm that the auto-commit (

AutoCom

) job is complete:

admin@WF-500(passive-controller)> show jobs all

Document:WildFire Administrator's Guide

Upgrade a Cluster Locally with an Internet Connection

Upgrade a Cluster Locally with an Internet Connection

Recommended For You

Document:WildFire Administrator's Guide

Upgrade a Cluster Locally with an Internet Connection

Upgrade a Cluster Locally with an Internet Connection

Recommended For You

Recommended Videos