Install a PAN-OS Software Patch
Table of Contents
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Install a PAN-OS Software Patch
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.1
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Install a PAN-OS Software Patch
- Revert Content Updates from Panorama
-
Install a PAN-OS Software Patch
Install critical bug and Common Vulnerability and Exposure (CVE) fixes on your
Panorama™ management server.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Review the PAN-OS 11.1 Release Notes and then use the
following procedure to install a PAN-OS software patch to address bugs and Common
Vulnerability and Exposures (CVE) in the PAN-OS release currently running on your
Panorama™ management server. Installing a PAN-OS software patch applies fixes to
bugs and CVEs without the need to schedule a prolonged maintenance and allows you to
strengthen your security posture immediately without introducing any new known
issues or changes to default behaviors that may come with installing a new PAN-OS
release. Additionally, you can revert the currently installed software patch to
uninstall the bug and CVE fixes applied when you installed the software patch.
A system log is generated () when a PAN-OS software patch is installed or reverted. An outbound
internet connection is required to download the PAN-OS software patch from the Palo
Alto Networks Customer Support Portal.
Monitor
Logs
System
Install
Install critical bug and Common Vulnerability and Exposure (CVE) fixes when your
Panorama™ management server has outbound internet access.
- SelectandPanoramaSoftwareCheck Nowto retrieve the latest PAN-OS software patches from the Palo Alto Networks Update Server.
- Check (enable)Include Patchto display all available PAN-OS software patches.
- Locate the software patch for the PAN-OS release currently installed on Panorama.A software patch is denoted by aPatchlabel displayed alongside theVersionname.
- ViewMore Infoto review the software patch details such as the critical bug and CVE fixes and whether the Next-Gen firewall needs to be restarted for the fixes to be applied.
- Downloadthe software patch.(HA only) Check (enable) Sync to HA Peer andContinue Downloadto download the PAN-OS software patch.ClickCloseafter the software patch successfully downloaded.
- Installthe software patch.After the software patch has successfully installed, clickClose.
- Applythe software patch.ClickApplywhen prompted to confirm you want to apply the installed PAN-OS software patch to Panorama.A status bar is displayed showing the current progress of the PAN-OS software patch application. ClickCloseafter the patch is successfully applied.At this point, Panorama automatically reboots if a reboot is required to complete applying the PAN-OS software patch to Panorama.
- (HA only) Install the PAN-OS software patch on the Panorama HA peer.
- Log in to the Panorama web interface of the HA peer.
- SelectPanoramaSoftwareCheck Now.
- Installthe software patch.
- Reboot Panorama if required.
Revert
Revert the critical bug and Common Vulnerability and Exposure (CVE) fixes applied by
installing the PAN-OS software patch on Panorama™ management server.
- Selectand locate the PAN-OS software patch you want to revert.PanoramaSoftware
- Revertthe software patch.ClickRevertwhen prompted to confirm you want to revert the installed PAN-OS software patch on Panorama.A status bar is displayed showing the current progress of the PAN-OS software patch application. ClickCloseafter the patch is successfully applied.At this point, the firewall automatically reboots if a reboot is required to complete applying the PAN-OS software patch to Panorama.