VM Firewall In HA goes to non-functional state when upgrading from 10.0.11 to 10.1.5-hx or higher

VM Firewall In HA goes to non-functional state when upgrading from 10.0.11 to 10.1.5-hx or higher

2342
Created On 03/06/23 17:34 PM - Last Modified 04/06/24 01:10 AM


Symptom


  • VM Firewall In HA goes to non-functional state when upgrading from 10.0.11 to 10.1.5-hx or higher.
  • HA Failover reason: Version mismatches with peer for VMS.
  • One firewall has Plugin version 2.1.0 - 2.1.5 and another has 2.1.6 or higher plugin version.

Environment


  • VM series firewall
  • High Availability (HA) Setup
  • VM Series plugin.

Cause


  • PAN OS 10.0.11 comes with Plugin version 2.1.4 built-in
  • There is compatibility issue with plugin version 2.1.0 - 2.1.5 in cummincating with higher plugin version.

Resolution


  1. Before upgrading the PAN-OS upgrade the plugin version to 2.1.6 or higher.
  2. First, upgrade it on Active firewall so that passive will be non-functional and traffic won't be affected.
  3. Then upgrade it on Passive firewall.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kHDyCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail