Upgrade a Cluster Locally with an Internet Connection
To upgrade a cluster locally, you must individually upgrade each WildFire appliance enrolled in a cluster. When an appliance finishes upgrading, it automatically re-enrolls into the cluster that it was originally assigned to.
- Temporarily suspend sample analysis.
- Stop firewalls from forwarding any new samples to the WildFire appliance.
- Log in to the firewall web interface.
- SelectDevice > Setup > WildFireand editGeneral Settings.
- Clear theWildFire Private Cloudfield.
- Confirm that analysis for samples the firewalls already submitted to the appliance is complete:admin@WF-500(passive-controller)>show wildfire latest samplesIf you do not want to wait for the WildFire appliance to finish analyzing recently-submitted samples, you can continue to the next step. However, consider that the WildFire appliance then drops pending samples from the analysis queue.
- Install the latest WildFire appliance content update.These updates equip the appliance with the latest threat information to accurately detect malware.admin@WF-500(passive-controller)>request wf-content upgrade install version latest
- Verify that the WildFire appliance software version you want to install is availableadmin@WF-500(passive-controller)>request system software check
- Download the PAN-OS 9.0 software version to the WildFire appliance.You cannot skip any major release version when upgrading the WildFire appliance. For example, if you want to upgrade from PAN-OS 6.1 to PAN-OS 7.1, you must first download and install PAN-OS 7.0.Download the 9.0.0 software version.admin@WF-500(passive-controller)>request system software download version 9.0.0To check the status of the download, use the following commandadmin@WF-500(passive-controller)>show jobs all
- Confirm that all services are running.admin@WF-500(passive-controller)>show system software status
- Install the 9.0 software version.admin@WF-500(passive-controller)>request system software install version 9.0.0
- Complete the software upgrade.
- Confirm that the upgrade is complete. Run the following command and look for the job typeInstalland statusFIN:admin@WF-500(passive-controller)>show jobs allEnqueued Dequeued ID Type Status Result Completed ---------------------------------------------------- 14:53:15 14:53:15 5 Install FIN OK 14:53:19
- Gracefully restart the appliance:admin@WF-500(passive-controller)>request cluster reboot-local-nodeThe upgrade process could take 10 minutes or over an hour, depending on the number of samples stored on the WildFire appliance.
- Repeat steps 1-7 for each WildFire worker node in the cluster.
- (Optional) View the status of the reboot tasks on the WildFire controller node.On the WildFire cluster controller, run the following command and look for the job typeInstalland StatusFIN:admin@WF-500(active-controller)>show cluster task pending
- Check that the WildFire appliance is ready to resume sample analysis.
- Verify that the sw-version field shows 9.0.0:admin@WF-500(passive-controller)>show system info | match sw-version
- Confirm that all processes are running:admin@WF-500(passive-controller)>show system software status
- Confirm that the auto-commit (AutoCom) job is complete:admin@WF-500(passive-controller)>show jobs all
- Confirm that data migration has successfully completed. Runshow cluster data-migration-statusto view the progress of the database merge. After the data merge is complete the completion timestamp displays:100% completed on Mon Sep 9 21:44:48 PDT 2019The duration of a data merge depends on the amount of data stored on the WildFire appliance. Be sure to allot at least several hours for recovery as the data merge can be a lengthy process.
Recommended For You
Recommended videos not found.