Upgrade a Cluster Locally with an Internet Connection

1. Temporarily suspend sample analysis.
   1. Stop firewalls from forwarding any new samples to the WildFire appliance.
      1. Log in to the firewall web interface.
      2. Select Device > Setup > WildFire and edit General Settings.
      3. Clear the WildFire Private Cloud field.
      4. Click OK and Commit.
   2. Confirm that analysis for samples the firewalls already submitted to the appliance is complete:

      admin@WF-500(passive-controller)> show wildfire latest samples

      If you do not want to wait for the WildFire appliance to finish analyzing recently-submitted samples, you can continue to the next step. However, consider that the WildFire appliance then drops pending samples from the analysis queue.
2. Install the latest WildFire appliance content update.
   These updates equip the appliance with the latest threat information to accurately detect malware.

   admin@WF-500(passive-controller)> request wf-content upgrade install version latest

3. Download the PAN-OS 8.0.1 software version to the WildFire appliance.
   You cannot skip any major release version when upgrading the WildFire appliance. For example, if you want to upgrade from PAN-OS 6.1 to PAN-OS 7.1, you must first download and install PAN-OS 7.0.
   Download the 8.0.1 software version.

   admin@WF-500(passive-controller)> request system software download version 8.0.1

   To check the status of the download, use the following command

   admin@WF-500(passive-controller)> show jobs all

4. Confirm that all services are running.

   admin@WF-500(passive-controller)> show system software status

5. Install the 8.0.1 software version.

   admin@WF-500(passive-controller)> request system software install version 8.0.1

6. Complete the software upgrade.
   1. Confirm that the upgrade is complete. Run the following command and look for the job type Install and status FIN:

      admin@WF-500(passive-controller)> show jobs all
      
      Enqueued Dequeued ID Type Status Result Completed
      ----------------------------------------------------
      14:53:15 14:53:15 5 Install FIN    OK   14:53:19

   2. Gracefully restart the appliance:

      admin@WF-500(passive-controller)> request cluster reboot-local-node

      The upgrade process could take 10 minutes or over an hour, depending on the number of samples stored on the WildFire appliance.
7. Repeat steps 1-6 for each WildFire worker node in the cluster.
8. (Optional) View the status of the reboot tasks on the WildFire controller node.
   On the WildFire cluster controller, run the following command and look for the job type Install and Status FIN:

   admin@WF-500(active-controller)> show cluster task pending

9. Check that the WildFire appliance is ready to resume sample analysis.
   1. Verify that the sw-version field shows 8.0.1:

      admin@WF-500(passive-controller)> show system info | match sw-version

   2. Confirm that all processes are running:

      admin@WF-500(passive-controller)> show system software status

   3. Confirm that the auto-commit (AutoCom) job is complete:

      admin@WF-500(passive-controller)> show jobs all