Skip to main content

Panorama - Software Updates

The current Panorama, Log Collectors and Firewall software version is currently at 11.0.4-h2, h stands for Hotfix. We aim to be as close as possible with Palo Alto software releases on both the Panorama management servers and the firewall servers. The Panorama’s must always be the same or higher software version then the Palo’s.

Current Estate

We have infrastructure in UKSouth listed below.

  • 1 sbox Panorama servers in Panorama mode (1 in UKSouth)
  • 2 prod Panorama servers in HA mode (2 in UKSouth)
  • 1 Log collector (in UKSouth)

Update Process

The Panorama’s need to updated in the above order under current estate.

To update the Panorama servers is straight forward and there are already documented steps to follow in the Upgrade Panorama with an Internet Connection documentation.

For the prod Panorama’s in HA mode please follow the Upgrade Panorama in an HA Configuration guide.

Updates via Panorama

There is an extensive guide, Deploy Upgrades to Firewalls, Log Collectors, and WildFire Appliances Using Panorama with steps on how to use Panorama to update other resources and the Firewalls.

Log in details for UKSouth Panorama management servers requires only your HMCTS account as SSO has been setup, if you need elevated privileges e.g. to reboot the vm then log in using the admin details mentioned below.

Log Collectors

At the time of last update for the Log Collectors, this was done manually by logging on to the vms. Admin login details for each region’s Panorama management server can be found in the respective panorama-sbox-xxx-kv or panorama-prod-xxx-kv keyvault in Azure. This would be the panorama-admin-username and panorama-admin-password items. Please follow the below steps.

  • Login on to the log collector vm, you need to be on the VPN and via the bastions
  • Run the follow commands in order
  show system info | match sw-version

to get the current version

  request system software check

to get available versions to install

  request system software download version <version-number>

to download target version, this will output a job id

  show jobs id <job-id>

to view job status

  request system software install version <version-number>

to install target version, this returns a job id

  show jobs id <job-id>

to view job status

  request restart system

to restart the system, This will disconnect you from the SSH CLI session that you are connected to

If you receive an error ‘requires a content version of 8770 or greater and found 8770 or greater found 8762-8327’, you need update prior to updating the software version.

  request content upgrade download latest

  request content upgrade install version latest

  • Log back on to the Log Collector, give 5 to 7min for it to reboot
    Run the show system info command as above to verify that the version has been updated

  • Log on to the Panorama management web UI, navigate to Panorama -> Managed Collectors and verify that the Panorama log collector Status entries are connected and In sync and the Software Version also reflects the new version

This page was last reviewed on 12 July 2024. It needs to be reviewed again on 12 October 2024 by the page owner platops-build-notices .
This page was set to be reviewed before 12 October 2024 by the page owner platops-build-notices. This might mean the content is out of date.