Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Palo Alto Firewall upgrade Software

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Douzi needs to upgrade the software of Palo Alto firewall this morning. The last upgrade was six months ago, and the current version is 8.0.8, while the latest version is 8.1.2. Because multiple versions are spanned in between, the upgrade needs to go from 8.0.8-> 8.1.0-> 8.1.2. You need to back up before each upgrade, and if something goes wrong, you can roll back.

Here is a simple record of the process.

Douzi uses two PaloAlto devices, set to HA highly available, so that one of them dies and automatically switches to the other. However, do not take it lightly, if you do not operate properly, it may lead to the failure of HA failover.

HA1 management address: 10.1.99.101

HA2 management address: 10.1.99.102

Private network interface address: 10.10.1.1

When logging in to the administrative interface, if you log in through the private network address, he will automatically jump to the device where you are currently working; if you log in through the administrative address, only the currently working device is allowed to log in; of course, the interface after login is the same.

First you need to back up the configuration file

Device > Setup > Operations > Save Named Configuration Snapshot

Export Profil

Device > Setup > Operations > Export Named Configuration Snapshot

Export device statu

Device > Setup > Operations > Export Device State

Here is the file I exported

Generate a technical support file, just in case

Cancel preemptive, and then commit submit

Device > High Availability > Election Settings

Then do a manual HA failover

Device > High Availability > Operations > Click Suspend local device.

Don't quit the current management session after clicking, or you won't be able to get in. Unless you HA failover again on another device, transfer the management session back.

Then you can prepare to download and upgrade.

Download, install

He will prompt for a restart.

After reboot, you can log in to the second device, repeat the above steps, and install the upgrade. If you need to upgrade multiple times, you need to remember to back up before each upgrade in order to roll back.

It is worth noting that in normal management, the IP is logged in directly through the intranet port, but you must not do this when upgrading. You must log in from the firewall device's own management IP, otherwise the Failover may be impassable and the network will hang up directly. Don't ask me why I know. Of course, even if this problem occurs, you can generally restart the device.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 251

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report