Hi SecGuru thank you so much for your videos it helps me a lot in my everyday work. I have a question for you. The situation is like this. We have a Panorama with version 8.1.23 and this Panorama manages 2 HA firewalls but since 8.1 is already EOL i need to upgrade it to 9.x or 10.x The problem is the hardware does not support either 9.x or10.x and my company does not want to upgrade the hardware memory to be able to handle the new version. Now my only option is to remove the 2 HA firewalls from the Panorama and will make them as standalone. Meaning whenever i need to make changes or manages the firewalls i will do it directly on the firewalls and not on the Panorama. Then I can decomm my Panorama. Can you please help me to perform this task? Or maybe you can make a new video that i or all your subscribers can follow? Thank you very much in advance and keep it up!
Thank you for your comment, may you share the hardware model of panorama? Just wanted to double check if we have any options.. also how many more firewalls are being managed through panorama now ?
According to Palo alto documentations both of the firewalls should have same PAN-OS versions, so when we upgrade and reboot the secondary it will have a different version than primary active. So my question is how does the both firewalls sync the connection tablee?
Once we break HA there won’t be sync between the devices and still with zero downtime we can do upgrade with second device, order goes like this After breaking Ha, Secondary first and primary next
@SecGuru, great video. I found the palo alto document "Determine the Upgrade Path" and it just only download base image 9.0.0 (not install) and then download and install the latest preferred (9.1.xx) . Can you confirm whether we need to install and reboot on the base image or not?
Thank you that is helpful and informative. What it doesn't reference is the application version content software that must be deployed with each version upgrade? I suspect you are running a version without the requirement for threat content upgrades - i.e no threat licence installed?
@SecGuru, great video. Sorry to ask this as I am usually performing Linux administration and not network device software updates, but can you tell me please; are the upgrade paths similar to Gitlab whereby you have to upgrade to the last minor release of your OS, before hopping over to the next major release? Thank you in advance.
Hi this is very useful and you explained very well. I have configured palo alto using vm ware workstation and eve-ng. My Palo alto firewall has internet connection but I did not get any software updates. what could be the reason?
Thank you, you need to check if DNS configured along with ACL required for Palo Alto updates communication. Check system logs as it will provide additional information for your traffic.
@@secguru6104 Hi at the starting of video 1.23 min you mentioned recommended step, the backup which you have taken.. When to use that backup? In which condition that backup is useful and how to use it?
Did you have to manually install the base 9.0 and 10.0 versions? It seems that you only installed the preferred release.
Thanks for your efforts in posting this video
Thanks for the immense comment! Please subscribe and refer to your friends
very useful learned a lot from the video
Thank you
Waiting for more videos 👍👍
Sure 😊
Hi SecGuru thank you so much for your videos it helps me a lot in my everyday work. I have a question for you. The situation is like this. We have a Panorama with version 8.1.23 and this Panorama manages 2 HA firewalls but since 8.1 is already EOL i need to upgrade it to 9.x or 10.x The problem is the hardware does not support either 9.x or10.x and my company does not want to upgrade the hardware memory to be able to handle the new version. Now my only option is to remove the 2 HA firewalls from the Panorama and will make them as standalone. Meaning whenever i need to make changes or manages the firewalls i will do it directly on the firewalls and not on the Panorama. Then I can decomm my Panorama. Can you please help me to perform this task? Or maybe you can make a new video that i or all your subscribers can follow? Thank you very much in advance and keep it up!
Thank you for your comment, may you share the hardware model of panorama? Just wanted to double check if we have any options.. also how many more firewalls are being managed through panorama now ?
Thank you so much for valuable information would expecting more videos :)
According to Palo alto documentations both of the firewalls should have same PAN-OS versions, so when we upgrade and reboot the secondary it will have a different version than primary active.
So my question is how does the both firewalls sync the connection tablee?
That’s why we need to break the HA and do upgrades
@@secguru6104 in that case thare won't be full connection sync happening and it won't be a Zero downtime upgrade. am i right?
Once we break HA there won’t be sync between the devices and still with zero downtime we can do upgrade with second device, order goes like this
After breaking Ha,
Secondary first and primary next
The maintenance ver and preferred ver is the same?
@SecGuru, great video. I found the palo alto document "Determine the Upgrade Path" and it just only download base image 9.0.0 (not install) and then download and install the latest preferred (9.1.xx) . Can you confirm whether we need to install and reboot on the base image or not?
Thank you that is helpful and informative. What it doesn't reference is the application version content software that must be deployed with each version upgrade? I suspect you are running a version without the requirement for threat content upgrades - i.e no threat licence installed?
plz will do Packet Capture Filters via CLI using debug commands ?
Sure, thanks for the feedback
check this video
ua-cam.com/video/srQLp0kcJsY/v-deo.html
@SecGuru, great video. Sorry to ask this as I am usually performing Linux administration and not network device software updates, but can you tell me please; are the upgrade paths similar to Gitlab whereby you have to upgrade to the last minor release of your OS, before hopping over to the next major release?
Thank you in advance.
Thanks for you, very useful
Hello. how can i find out the maintance release?
Thank you so much..🙏🙏
Hi this is very useful and you explained very well.
I have configured palo alto using vm ware workstation and eve-ng. My Palo alto firewall has internet connection but I did not get any software updates. what could be the reason?
Thank you, you need to check if DNS configured along with ACL required for Palo Alto updates communication. Check system logs as it will provide additional information for your traffic.
@@secguru6104 Hi at the starting of video 1.23 min you mentioned recommended step, the backup which you have taken.. When to use that backup? In which condition that backup is useful and how to use it?
Thank you .. I will say Palo Alto Update is poorly designed. It should not make you do so many updates to get where you need to be.
I can understand but I hope you were able to achieve what you needed!