Switching Panorama VM from Legacy mode to Panorama mode

Switching Panorama VM from Legacy mode to Panorama mode

76147
Created On 04/06/20 10:55 AM - Last Modified 02/26/22 03:42 AM


Objective


Switching a Panorama VM from legacy mode to Panorama mode mandates meeting minimum resource requirements depending on the number of managed devices and the desired log storage

Environment


This article provides a step by step procedure on how to change the mode of Panorama hosted in ESXi Hypervisor from "Legacy" to "Panorama". However, the process will be similar to other hypervisors as well

Procedure


  1. Check the exact requirements for the CPUs, memory, and logging disks for Panorama mode depending on your environment at https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/setup-prerequisites-for-the-panorama-virtual-appliance.html
 
  1. Schedule a maintenance window to increase the resources of Panorama since a reboot will be required to proceed with the operation. If Panorama is deployed in an HA configuration, perform the following steps on the secondary peer first and then on the primary peer.
 
  1. If the system disk of Panorama is less than 81G (This could be the case if Panorama was upgraded from older software versions), first increase the size of the system disk using the guide https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POJPCA4
 
  1. Confirm that Panorama is running in legacy mode either from the CLI or the GUI:
    1. CLI: Run the command:  
      show system info | match system-mode
    2. GUI: Check the "General Information" on the Dashboard: 
 
User-added image
  1. Shut down Panorama from the GUI by navigating to Panorama > Operations > and then selecting Shutdown Panorama, or from the CLI by running the below command: 
  • request shutdown system

    Enter y when prompted to continue
     

  1. From the vSphere Client console, Right-click the Panorama virtual appliance and select "Edit Settings"
 
  1. Add the required CPU and memory that was determined from step 1 as shown below: 
User-added image
  1. Add a new virtual disk of 2TB by clicking on "Add New Device" and selecting "Hard Disk", then specify the size to be 2TB as shown below:
User-added image
User-added image
  1. Power on Panorama by Right-clicking on the Panorama virtual appliance and select Power > Power On
 
  1. When Panorama comes up, change the system-mode from Legacy to Panorama by running the below command from the CLI:
  • request system system-mode panorama

    Enter y when prompted to reboot Panorama. After rebooting, Panorama automatically creates a local Log Collector (named Panorama) and creates a Collector Group (named default) to contain it
     

  1. If the resources allocated to Panorama were insufficient to change it to Panorama mode, the command from the previous step will list the requirements needed to perform the change. Below is an example of a failure in changing the mode due to insufficient resources:
 
User-added image
 
  1. When Panorama comes up, confirm that the mode was successfully changed to "Panorama" from the CLI or the GUI (In HA deployments, the secondary Panorama will boot in "suspended" state because its mode does not match the mode on the primary peer):
    1. CLI: Run the command:  
      show system info | match system-mode
    2. GUI: Check the "General Information" on the Dashboard:

User-added image
 
  1. Verify that the default collector group has been created by navigating to Panorama > Collector Groups and confirm that the local Log Collector is part of it.
 
  1. Synchronize the default Collector Group with Panorama:
    1. Commit any pending changing by selecting Commit > Commit to Panorama
    2. Select Commit > Push to Devices and Edit Selections
    3. Select Collector Groups and add the default collector group
    4. Click OK then Push
 
  1. Verify that the collector group is synchronized with Panorama by navigating to Panorama > Managed Collectors and confirming that the Configuration Status is "In Sync" and the Run Time Status is "connected". The Collector Name will show the hostname of Panorama.
 
  1. In case of HA deployments, switch the primary Panorama from Legacy mode to Panorama mode:
    1. Repeat steps 3 to 12 on the primary Panorama
    2. From the dashboard of the primary Panorama, synchronize the config to the secondary peer by navigating to the HA Widget on the Dashboard and clicking on Sync to Peer then Yes
    3. Unsuspend the secondary Panorama by navigating to Panorama > High Availability > Operational Commands and selecting Make local Panorama functional
 
  1. To see the old logs on Panorama, they need to be migrated to the newly added virtual logging disks, as shown below (In case of HA deployments, the below steps are needed on the Primary Panorama only):
    1. From the CLI, start the migration by running the command: 
      • request logdb migrate vm start
    2. The duration of the process varies by the volume of the migrated log data. To check the status of the migration, run the following command: 
      • request logdb migrate vm status
    3. When the migration finishes, the output displays:  
      • migration has been done
 
  1. Confirm that the old logs are visible on Panorama by navigating to Panorama > Monitor and searching for existing logs.

Additional Information


 
  • If the size of the virtual logging disk is less than 2TB, then it cannot be extended in the future. That's why it is recommended to have the size at least at 2TB or more.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPTzCAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail