Upgrade or Downgrade Considerations in Prisma SD-WAN ION Release 6.4
Updated on
Wed Feb 12 03:24:03 UTC 2025
Focus
Download PDF
Updated on
Wed Feb 12 03:24:03 UTC 2025
Focus
- Home
- Prisma SD-WAN
- Prisma SD-WAN ION Device Release 6.4
- Upgrade or Downgrade Considerations in Prisma SD-WAN ION Release 6.4
Download PDF
Prisma SD-WAN
Table of Contents
Learn about the device upgrade and downgrade considerations for Prisma SD-WAN Release 6.4.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following section details the upgrade path to Prisma SD-WAN release 6.4.x. Review the upgrade and downgrade considerations before upgrading to this release.
Prerequisite—Prior to upgrading branch ION devicesto 6.1.X, ensure that all data center ION devices are running IONsoftware version 5.4.x or higher.
Upgrade Or Downgrade Path
Use the following paths to upgrade to release 6.3.x, and use the path in reverse to rollback to the version you started from:
4.7.1 -> 5.0.x -> 5.1.x -> 5.4.x -> 5.6.x -> 6.1.x -> 6.3.x -> 6.4.x
4.7.1 -> 5.0.x -> 5.2.x -> 5.5.x -> 5.6.x -> 6.1.x -> 6.3.x -> 6.4.x
5.0.x -> 5.2.x -> 5.5.x -> 5.6.x -> 6.1.x -> 6.3.x -> 6.4.x
5.1.x -> 5.4.x -> 5.6.x -> 6.1.x -> 6.3.x -> 6.4.x
5.2.x -> 5.5.x -> 5.6.x -> 6.1.x -> 6.3.x -> 6.4.x
5.4.x -> 5.6.x -> 6.1.x -> 6.3.x -> 6.4.x
6.0.x -> 6.1.x -> 6.3.x -> 6.4.x
6.2.x -> 6.3.x -> 6.4.x
6.2.x -> 6.4.x
- Upgrade or Downgrade Considerations in Prisma SD-WAN ION Device Release 6.4.1
- Upgrade/Downgrade Path for Virtual Form Factor in FIPS Mode
Upgrade or Downgrade Considerations in Prisma SD-WAN ION Device Release 6.4.1
The following table lists the new features that have upgrade or downgrade impact. Make sure you understand all upgrade/downgrade considerations before you upgrade to or downgrade from Prisma SD-WAN release 6.4.1.
| Feature | Upgrade Considerations | Downgrade Considerations |
|---|---|---|
| Performance Policy | If Performance Policy is attached to the site:
| When downgrading device from 6.4.1 to 6.3.2/6.3.1:
|
| Branch Gateway | If a device is onboarded to a branch gateway site, enable:
| Remove the configurations related to the Branch Gateway such as Service & DC Groups, WAN default route distribution and then downgrade the device. |
| Auto Operational State | Auto Operational State is enabled by default for new SVIs and disabled for existing SVIs. After upgrading to version 6.4.1, you need to enable the Auto Operational State, when required. | When Auto Operational State is enabled, downgrade to previous releases is not allowed. You can downgrade only after disabling this configuration. Make the necessary deployment changes and then disable the configuration. |
| HA over SVI Access Port | When downgrading to earlier releases, if you have configured an access port, then downgrading will be blocked. Downgrade is allowed only when a trunk member port is present for the HA control SVI. | None |
| App IDs | To upgrade devices to version 6.4.1, ensure that all policies contain applications with a version higher than or equal to 6.0.1. | To downgrade devices from version 6.4.1 to previous versions, ensure that there are no policies containing applications with version 6.4.1 or higher. |
Upgrade/Downgrade Path for Virtual Form Factor in FIPS Mode
When upgrading from 6.1.x or 5.6.x to 6.2.x or later images of virtual form factor (VFF), there may be a disruption of service links, stats/logs connections, and remote sessions in FIPS mode. This issue is observed only when the VFF in FIPS mode is upgraded to 6.2.1 or later.
Upgrade or Downgrade Versions
Follow the below steps if you are on a VFF pre-6.2.1 with FIPS mode enabled and upgrading to software version greater than or equal to 6.2.1 (includes 6.2.2, 6.3.4, 6.3.5 and 6.4.1), (excluding 6.2.3, 6.3.1, 6.3.2, 6.3.3 already blocked on the Controller).
- First, disable FIPS mode on VFF.
- Upgrade to the desired software version.
- Then, enable FIPS mode. Enabling FIPS mode can take up to 20 minutes.
The above steps do not apply when upgrading directly from 6.1.x to 6.4.2 or higher.
Considering these known limitations and FIPS certified versions are 6.1.2 and 6.4.2 or higher, for VFF in FIPS mode on any older software version (< 6.2.1), Palo Alto Networks recommend the upgrade path to be 6.4.2 and all later versions.
"); adBlockNotification.append($( "Thanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application." )); let adBlockNotificationClose = $("x"); adBlockNotification.prepend(adBlockNotificationClose) $('body').append(adBlockNotification); setTimeout(function (e) { adBlockNotification.addClass('open'); }, 10); adBlockNotificationClose.on('click', function (e) { adBlockNotification.removeClass('open'); }) } }, 5000)
