Bootstrapping XFR images for VM-Series
8872
Created On 07/11/20 21:04 PM - Last Modified 07/14/20 21:41 PM
Symptom
- Bootstrap VM-Series to PAN-OS XFR releases such as 9.0.5-xfr is failing via Templates.
- When upgrading your VM-Series firewalls to a PAN-OS XFR image, you must first upgrade to the base (non-XFR) version of that release. For example, to upgrade from PAN-OS 8.1 to PAN-OS 9.0.5 XFR, you must upgrade your firewall to PAN-OS 9.0.5 and then to PAN-OS 9.0.5 XFR.
- In the scenario where Public Cloud Marketplace doesn't have 9.0.5 PAN-OS base image, adding two software images i.e. 9.0.5 and 9.0.5-xfr in bootstrap package under "/software", gives error as Image not found.
bts.log:
2020-05-11 10:40:05.669 -0700 INFO: Bootstrap log initialized -------------------------------------------------------------------------------- 2020-05-11 10:40:05.670 -0700 INFO: Running command: detect [] 2020-05-11 10:40:05.670 -0700 DEBUG: /mnt/install_media: created 2020-05-11 10:40:16.098 -0700 DEBUG: (/bin/mount | /bin/grep /mnt/install_media): Install media detected: (['/dev/sda2 on /mnt/install_media type ext3 (rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=writeback)\n'] []) 2020-05-11 10:40:16.098 -0700 DEBUG: Successfully mounted the VM install media 2020-05-11 10:40:16.098 -0700 DEBUG: Setup media logging 2020-05-11 10:40:16.098 -0700 DEBUG: Valid mounted media found. 2020-05-11 10:40:16.099 -0700 INFO: Media detected, Starting media sanity check 2020-05-11 10:40:16.099 -0700 DEBUG: Syslogging: /usr/local/bin/pan_elog -u 12 -e 201326627 -s informational -m "Media detected successfully" -x 2020-05-11 10:40:16.201 -0700 DEBUG: Adding status: Media Detection Success Media detected successfully 2020-05-11 10:40:16.304 -0700 DEBUG: (/bin/mount | /bin/grep /mnt/install_media): Install media detected: (['/dev/sda2 on /mnt/install_media type ext3 (rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=writeback)\n'] []) 2020-05-11 10:40:16.304 -0700 DEBUG: Found generic meta file: /mnt/install_media/config/init-cfg.txt 2020-05-11 10:40:16.305 -0700 DEBUG: VM in cloud mode, skipping config 2020-05-11 10:40:16.305 -0700 DEBUG: Performing image list validation {color:#d04437}2020-05-11 10:40:16.305 -0700 DEBUG: btsErrorSanity: Invalid image product type: PanOSXFR, expected panos(5){color} 2020-05-11 10:40:16.305 -0700 INFO: No valid software image is found on media. 2020-05-11 10:40:16.305 -0700 DEBUG: Syslogging: /usr/local/bin/pan_elog -u 12 -e 201326628 -s informational -m "Media sanity check successful" -x 2020-05-11 10:40:16.408 -0700 DEBUG: Adding status: Media Sanity Check Success Media sanity check successful 2020-05-11 10:40:16.409 -0700 INFO: Bootstrap media sanity check passed 2020-05-11 10:40:16.409 -0700 INFO: System upgrade state: firstboot, starting upgrade mode 2020-05-11 10:40:16.409 -0700 INFO: Bootstrap media detection completed.
Environment
- Platform: VM-Series on Microsoft Azure
- PAN-OS / Plugin Version: Any
- Deployment: Existing
Cause
- Upgrading firewalls to XFR image via bootstrap is not support and unqualified.
- Bootstrap with XFR images is not recommended.
Resolution
- Bootstrap firewalls to a base (non-XFR) version of that release i.e. PAN-OS 9.0.3 or 9.0.5.
- Manually download and install respective XFR image either from firewall GUI or CLI. Reboot the device.