1. Home
    2. WildFire
    3. WildFire® Administrator's Guide
    4. WildFire Appliance Clusters
    5. Upgrade WildFire Appliances in a Cluster
    6. Upgrade a Cluster Locally with an Internet Connection

    Upgrade a Cluster Locally with an Internet Connection

    To upgrade a cluster locally, you must individually upgrade each WildFire appliance enrolled in a cluster. When an appliance finishes upgrading, it automatically re-enrolls into the cluster that it was originally assigned to.
    1. Temporarily suspend sample analysis.
      1. Stop firewalls from forwarding any new samples to the WildFire appliance.
        1. Log in to the firewall web interface.
        2. Select
          Device > Setup > WildFire
           and edit
          General Settings
          .
        3. Clear the
          WildFire Private Cloud
           field.
        4. Click
          OK
           and
          Commit
          .
      2. Confirm that analysis for samples the firewalls already submitted to the appliance is complete:
        admin@WF-500(passive-controller)> 
        show wildfire latest samples
        If you do not want to wait for the WildFire appliance to finish analyzing recently-submitted samples, you can continue to the next step. However, consider that the WildFire appliance then drops pending samples from the analysis queue.
    2. Install the latest WildFire appliance content update.
      These updates equip the appliance with the latest threat information to accurately detect malware.
      admin@WF-500(passive-controller)> 
      request wf-content upgrade install version latest
    3. Download the PAN-OS 8.0.1 software version to the WildFire appliance.
      You cannot skip any major release version when upgrading the WildFire appliance. For example, if you want to upgrade from PAN-OS 6.1 to PAN-OS 7.1, you must first download and install PAN-OS 7.0.
      Download the 8.0.1 software version.
      admin@WF-500(passive-controller)> 
      request system software download version 8.0.1
      To check the status of the download, use the following command
      admin@WF-500(passive-controller)> 
      show jobs all
    4. Confirm that all services are running.
      admin@WF-500(passive-controller)> 
      show system software status
    5. Install the 8.0.1 software version.
      admin@WF-500(passive-controller)> 
      request system software install version 8.0.1
    6. Complete the software upgrade.
      1. Confirm that the upgrade is complete. Run the following command and look for the job type
        Install
         and status
        FIN
        :
        admin@WF-500(passive-controller)>
         show jobs all
        

Enqueued Dequeued ID Type Status Result Completed
----------------------------------------------------
14:53:15 14:53:15 5 Install FIN    OK   14:53:19
      2. Gracefully restart the appliance:
        admin@WF-500(passive-controller)> 
        request cluster reboot-local-node
        The upgrade process could take 10 minutes or over an hour, depending on the number of samples stored on the WildFire appliance.
    7. Repeat steps 1-6 for each WildFire worker node in the cluster.
    8. (Optional) View the status of the reboot tasks on the WildFire controller node.
      On the WildFire cluster controller, run the following command and look for the job type
      Install
       and Status
      FIN
      :
      admin@WF-500(active-controller)> 
      show cluster task pending
    9. Check that the WildFire appliance is ready to resume sample analysis.
      1. Verify that the sw-version field shows 8.0.1:
        admin@WF-500(passive-controller)> 
        show system info | match sw-version
      2. Confirm that all processes are running:
        admin@WF-500(passive-controller)> 
        show system software status
      3. Confirm that the auto-commit (
        AutoCom
        ) job is complete:
        admin@WF-500(passive-controller)> 
        show jobs all

    Related Documentation

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo