Firmware upgrade to 9.0 fails with UUID error

Firmware upgrade to 9.0 fails with UUID error

25204
Created On 03/01/19 09:42 AM - Last Modified 11/02/19 03:12 AM


Symptom


Firmware installation of 9.0.0 fails on Firewall with the error "Panorama pushed rules don't have UUID for the following vsys"

User-added image

Environment


  • Panorama running PAN-OS 8.1.x or Lower.
  • Managed Firewalls attempting Upgrade to 9.0.0 version.

Cause


  •  A universally unique identifier (UUID) is associated with each rule on the firewall and Panorama starting from 9.0 version. 
  •  Firewalls running 9.0 would expect that value to be present in the configuration file. 
  •  Panorama Pushed Policies does not have UUID value and hence the installation fails.

 

Resolution


  1.  First Upgrade Panorama to 9.0 
  2.  Push the rules from 9.0 Panorama to 8.1 Firewall. In this step, Panorama will push UUIDs for all the rules. 
  3.  Upgrade firewall to 9.0. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boFGCAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail