DotW: PAN-OS Upgrade

Created On 09/25/18 19:05 PM - Last Modified 07/18/19 20:12 PM


Should I upgrade PAN-OS? What are the recommendations and the risks? Are there others who can share their experiences? You're not alone as you wrestle with important issues about upgrading, a topic that deserves some extra attention in this week's Discussion of the Week (DotW).



A number of our community members jumped into the discussion, sharing their experience, recommendations, and points of view.


One of the first questions to ask is 'Why do I want to upgrade?' as user Brandon_Wertz pointed out.

Following are the most common reasons for upgrading:


1. To have the newest PAN-OS version.

2. To use some of the new features provided in the new PAN-OS version.

3. To get a specific fix which isn't available in your current PAN-OS version.


Let's have a look at these key reasons in more detail:


To have the latest PAN-OS version

Although the general train of thought might be that newer is better, there are a few things to consider before making this assumption.  


Let's use the example of user jprovine, who's planning to go from PAN-OS 6.1.7 to PAN-OS 7.0.3, two different releases on two different versions of PAN-OS.  Under normal circumstances, we add features and optimization to the major release (6.0, 6.1, 7.0 and so on). The minor releases usually carry bug fixes and patches for issues seen earlier on that particular version.


For a list of the newest PAN-OS versions, please see PAN-OS Software Updates (a support account is required to access this page).



To use new features provided in the latest PAN-OS version

A valid reason to upgrade for sure. Both users mlinsemier and Brandon_Wertz shared their experience on the topic.


Something to consider is whether the new features are business critical or just nice to have. Also, will you upgrade right away or opt to wait a while, knowing that a newer version will be out soon? The extra few days of waiting could save you from needing to upgrade twice. This was brought up in the discussion, where several users talked about waiting for PAN-OS 7.0.4.


For a nice overview of the new features in PAN-OS 7.0.x, please see PAN-OS 7.0 new features.


To get a specific fix

Also a valid reason to upgrade. However, even in this scenario, there are some considerations.


Having a workaround in the current PAN-OS version might save you from needing to upgrade right away.  In some scenarios, where a specific feature isn't business critical, you could even disable it.


So what about the risks?

If you are upgrading, the goal is to reduce and control risk as much as possible. Below are some pointers to help you reduce risk associated with upgrading:


  • If you are planning an upgrade, check the release notes that accompany the software updates. The release notes have a section titled 'Known Issues.' You can find the release notes on the PAN-OS Software Updates page (a support account is required to access this page).
  • Having a discussion forum like this is useful, where users can share their experiences.
  • Ideally, plan your upgrade during a maintenance window to minimize the impact on your production environment.
  • Always make a backup of your config before starting the upgrade.

Note that tips and pointers aren't limited to the list above, but it's a good starting point for your upgrade path.


You can follow the entire discussion here: 7.0.3 Upgrade. Feel free to add your experience and comments to the discussion.


As always, we welcome feedback and comments below.


Thanks for reading.

Kim Wens

