如何执行 PANOS 升级从 CLI ?
91644
Created On 12/11/19 03:20 AM - Last Modified 03/26/21 17:58 PM
Objective
PAN-OS使用 CLI 命令进行升级。
Environment
- 帕洛阿尔托 Firewall .
- 任何 PAN-OS .
Procedure
- 使用 显示系统信息 来检查当前版本。 下面的示例是 9.0.3 版本。
admin@Lab-5250> show system info
hostname: Lab-5250
ip-address: x.x.x.x
public-ip-address: unknown
netmask: 255.255.254.0
default-gateway: x.x.x.1
ip-assignment: static
ipv6-address: unknown
ipv6-link-local-address: fe80::a66:1fff:fe01:17b7/64
ipv6-default-gateway:
mac-address: 08:66:1f:01:17:b7
time: Tue Dec 10 16:41:04 2019
uptime: 0 days, 0:53:14
family: 5200
model: PA-5250
serial: 013101004385
cloud-mode: non-cloud
sw-version: 9.0.3
- 使用 请求系统软件检查 ,以检查 PAN-OS 哪些下载的 firewall 。
admin@Lab-5250> request system software check Version Size Released on Downloaded ------------------------------------------------------------------------- 9.0.5 871MB 2019/11/14 00:55:23 no 9.0.4 821MB 2019/09/26 11:28:03 no 9.0.3 816MB 2019/07/12 10:34:48 yes 9.0.3-h3 816MB 2019/08/20 21:09:09 yes 9.0.3-h2 816MB 2019/08/08 13:14:10 no 9.0.2 812MB 2019/05/09 07:55:14 no 9.0.2-h4 816MB 2019/06/27 11:47:18 yes 9.0.1 796MB 2019/03/28 08:40:39 yes 9.0.0 1375MB 2019/02/06 00:37:57 yes 8.1.11 926MB 2019/10/16 08:36:54 yes 8.1.10 926MB 2019/08/29 00:31:57 yes 8.1.9 925MB 2019/07/05 19:02:42 no ..... <Output Omitted>
- 使用 请求系统软件下载 命令下载所需 PAN-OS 版本。 在此示例中正在下载 9.0.4 版本。
admin@Lab-5250> request system software download version 9.0.4
Download job enqueued with jobid 33590
- 使用上述步骤中显示的工作编号检查下载状态。 软件下载后,将看到成功加载 的消息。
admin@Lab-5250> show jobs id 33590
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2019/12/10 14:50:00 14:50:00 33590 Downld FIN OK 14:50:10
Warnings:
Details:Successfully downloaded
Preloading into software manager
Successfully loaded into software manager
- 使用 请求系统软件信息 再次显示正在下载的新版本为"是"。 在这种情况下,下载9.0.4版本。
admin@Lab-5250> request system software info
Version Size Released on Downloaded
-------------------------------------------------------------------------
9.0.5 871MB 2019/11/14 00:55:23 no
9.0.4 821MB 2019/09/26 11:28:03 yes
9.0.3 816MB 2019/07/12 10:34:48 yes
9.0.3-h3 816MB 2019/08/20 21:09:09 yes
9.0.3-h2 816MB 2019/08/08 13:14:10 no
9.0.2 812MB 2019/05/09 07:55:14 no
.....
<Output Omittted>
- 下载的软件现在可以使用 请求系统软件安装命令进行安装 。 在此示例中正在安装 9.0.4 版本。
admin@Lab-5250> request system software install version 9.0.4
Executing this command will install a new version of software. It will not take effect until system is restarted. Do you want to continue? (y or n)
Software install job enqueued with jobid 33591. Run 'show jobs id 33591' to monitor its status. Please reboot the device after the ins
tallation is done.
- 使用 显示作业 ID 命令验证安装是否完成。 作业数见上一个命令的输出。 安装可能需要几分钟才能完成。
admin@Lab-5250> show jobs id 33591
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2019/12/10 14:53:05 14:53:05 33591 SWInstall FIN OK 14:54:20
Warnings:
Details:Software installation successfully completed. Please reboot to switch to the new version.
- 使用 请求重新启动系统 重新启动,以便新版本生效。
admin@Lab-5250> request restart system
Executing this command will disconnect the current session. Do you want to continue? (y or n)
Broadcast message from root (pts/0) (Tue Dec 10 19:02:22 2019):
The system is going down for reboot NOW!
- firewall现在的靴子与新版本的软件。
admin@Lab-5250> show system info
hostname: Lab-5250
ip-address: 10.46.34.144
public-ip-address: unknown
netmask: 255.255.254.0
default-gateway: 10.46.34.1
ip-assignment: static
ipv6-address: unknown
ipv6-link-local-address: fe80::a66:1fff:fe01:17b7/64
ipv6-default-gateway:
mac-address: 08:66:1f:01:17:b7
time: Tue Dec 10 16:41:04 2019
uptime: 0 days, 0:53:14
family: 5200
model: PA-5250
serial: 013101004385
cloud-mode: non-cloud
sw-version: 9.0.4
......
<Output Omitted>
Additional Information
PAN-OS 升级通常是使用 GUI 。 无法 CLI 升级时,使用上述文档的程序 GUI 。 PAN-OS 升级的最佳实践有关于升级清单、依赖项以及 Panorama 防火墙和防火墙的程序的详细信息。