Troubleshoot Your PAN-OS Upgrade
Table of Contents
11.0
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.0
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Troubleshoot Your PAN-OS Upgrade
What troubleshooting can I do for my PAN-OS upgrade?
To troubleshoot your PAN-OS upgrade,
use the following table to review possible issues and how to resolve
them.
Symptom | Resolution |
---|---|
The software warranty license expired. | From the CLI, delete the expired license
key:
|
The latest PAN-OS software versions were
not available. | You can only see software versions that
are one feature release ahead of the current installed version.
For example, if you have an 8.1 release installed, only 9.0 releases
will be available to you. To see 9.1 releases, you first have to
upgrade to 9.0. |
Checking for dynamic updates failed. | This issue occurs due to a network connectivity error.
See the KnowledgeBase article Dynamic Updates Display Error
After Clicking On Check Now Button. |
No valid device certificate was found. | In PAN-OS 9.1.3 and later versions, a device certificate
must be installed if you are leveraging a Palo Alto Networks cloud
service. To install the device certificate:
|
The software image file failed to load onto
the software manager due to an image authentication error. | To update the software image list, click Check Now.
This establishes a new connection to the update server. |
The VMware NSX plugin version was not compatible
with the new software version. | The VMware NSX plugin was automatically installed
upon upgrade to 8.0. If you are not using the plugin, you can uninstall
it. |
The reboot time after upgrading to PAN-OS
9.1 was longer than expected. | Upgrade to Applications and Threats Content Release
Version 8221 or later. For more information on minimum software
and content versions, see <xref to 11.0 Associated Software and
Content Versions>. |
The device did not have support even when licenses
are active. | In DeviceSoftware, click Check
Now. This updates the licensing information on
the firewall by establishing a new connection to the update server. If
this does not work from the web interface, use request system software check. |
The firewall did not have a DHCP address assigned
to it by the DHCP server. | Configure a security policy rule allowing
the traffic from the ISP DHCP server to the internal networks. |
The firewall continuously boots into maintenance
mode. | In the CLI, Access the Maintenance Recovery
Tool (MRT). In the MRT window, select ContinueDisk Image. Select either Reinstall
<current version> or Revert to <previous
version>. Once the revert or reinstall operation completes,
select Reboot. |
In an HA configuration, the firewall goes
into a suspended state after upgrading the peer firewall with an
error that the firewall is too old. | Upgrading one firewall to a version that
is more than one major release ahead will result in a network outage.
You must upgrade both firewalls only one major release ahead before upgrading
to the next major release. Downgrade the peer firewall to
the version that the suspended firewall stopped at. |