Panorama Plugins Upgrade/Downgrade Considerations
Table of Contents
10.2
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 10.2
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Panorama Plugins Upgrade/Downgrade Considerations
Upgrade/downgrade considerations for Panorama plugins.
The following table lists the new features that have
upgrade or downgrade impact. Make sure you understand fall upgrade/downgrade
considerations before you upgrade to or downgrade from a PAN-OS
10.2 release. For additional information about PAN-OS 10.2 releases,
refer to the PAN-OS 10.2 Release Notes.
Feature | Upgrade Considerations | Downgrade Considerations |
---|---|---|
Panorama Plugins
| Before you upgrade to PAN-OS 10.2, you must download
the Panorama plugin version supported on PAN-OS 10.2 for all plugins
installed on Panorama. This is required to successfully upgrade
to PAN-OS 10.2. See the list of Compatible Plugin Versions for
PAN-OS 10.2 for more information. | To downgrade from PAN-OS
10.2, you must download the Panorama plugin version supported on
PAN-OS 10.1 and earlier releases for all plugins installed on Panorama. See
the Panorama Plugins Compatibility
Matrix for more information. |
(Enterprise DLP) After upgrading Panorama
to PAN-OS 10.2, you must install Application and Threats content
release version 8520 on all managed firewalls
running PAN-OS 10.2 or earlier release. This is required to successfully
push configuration changes to managed firewalls leveraging Enterprise
DLP that you did not upgrade to PAN-OS 10.2. | ||
(Enterprise DLP) Loading a Panorama configuration
backup that does contain the Shared Enterprise DLP configuration
deletes the shared App exclusion filter required to scan non-file
based traffic. | ||
(SD-WAN) Panorama plugin for SD-WAN
2.2 and earlier releases are not supported in PAN-OS 10.2. Upgrading
a Panorama management server to PAN-OS 10.2 when the Panorama plugin for
SD-WAN 2.2 or earlier release is installed causes the SD-WAN plugin
to be hidden in the Panorama web interface or causes the SD-WAN
configuration to be deleted. In both cases, you are unable to install
a new SD-WAN plugin version or uninstall the SD-WAN plugin. | ||
SD-WAN | After successful upgrade of Panorama to
PAN-OS 10.2 and the Panorama plugin from SD-WAN version 2.0.0 to SD-WAN
version 3.0, you must clear the SD-WAN cache on Panorama for existing
SD-WAN deployments only. Clearing the SD-WAN cache does not
delete any existing SD-WAN configuration but deletes the IP address, tunnel,
and gateway naming conventions for the new format introduced in
Panorama plugin for SD-WAN version 3.0. For new deployments
of SD-WAN, you do not need to clear the SD-WAN cache on Panorama
if you install the Panorama plugin for SD-WAN version 3.0 on Panorama
after you upgrade to PAN-OS 10.2.
| None. |
Enterprise DLP | When upgrading to PAN-OS 10.2.3 from an
earlier PAN-OS 10.2 version, you must first download and install
the DLP 3.0.2 plugin. |
(DLP Plugin 3.0.3) Before you downgrade the Panorama plugin
for Enterprise DLP to version 3.0.2 or later release, you must edit
the Max File Size (MB) in the Enterprise DLP data filtering
settings to 20MB or less.
Inspection of file larger than 20MB is supported on Enterprise DLP
3.0.3 and later 3.0 releases only. |