Upgrade OS in Palo alto

STEP 1 Take Backup 

1. Select Device > Setup > Operations and Export "Export named configuration snapshot."
2. Select the XML file that contains your running configuration (for example, running-config.xml) and click OK to export the configuration file.
3. Save the exported file to a location external to the firewall. You can use this backup to restore the configuration if you have problems with the upgrade.

STEP 2 : Make sure the firewall is running content release needed for the installation of required OS 

1.Select Device > Dynamic Updates.
2.If the firewall is not running the minimum required update, Check Now to retrieve a list of available updates.
4.Locate and Download the appropriate update.
5.After the download completes, Install the update.

STEP 3: Determine the upgrade path.

1.Select Device > Software > Check now for the latest update
2.Locate and Download the version to which you intend to upgrade.
3.After the download completes, Install the update.
4.After the installation successfully completes, reboot using one of the following methods:
If you are prompted to reboot, click Yes.
If you are not prompted to reboot, select Device > Setup > Operations and Reboot Device (Device Operations section).

NOTE : You cannot skip installation of any major releases in the path to your target PAN-OS version. Therefore, if you intend to upgrade to a version that is more than one major release away, you must still download, install, and reboot the firewall for each intermediate major release along the upgrade path.

For example, if you want to upgrade from PAN-OS 6.0.11 to PAN-OS 7.1.5, you must:

Download and install PAN-OS 6.1.0 and reboot.
Download and install PAN-OS 7.0.1 and reboot (7.0.1 is the base image for the 7.0 release, not 7.0.0).
Download PAN-OS 7.1.0 (you do not need to install it).
Download and install PAN-OS 7.1.5 and reboot.

STEP 4: Verify that the firewall is passing traffic. Select Monitor > Session Browser.

Firepower 9300 - Initial configuration

Configure for Firepower Management

Below steps are for booting up Firepower 9300 for the first time

- Connect to the Firepower 9300 CLI using and complete the system configuration as prompted

Enter the setup mode; setup newly or restore from backup. (setup/restore) ? setup
You have chosen to setup a new Security Appliance. Continue? (y/n): y
Enforce strong password? (y/n): n
Enter the password for “admin”: <new password>
Confirm the password for “admin”: <repeat password>
Enter the system name: 9300FPR1
Physical Switch Mgmt0 IP address :
Physical Switch Mgmt0 IPv4 netmask :
IPv4 address of default gateway :
Configure the DNS Server IP address? (yes/no) [n]: n
Configure the default domain name? (yes/no) [n]: n

Following configurations will be applied:
Switch Fabic=A
System Name=9300FPR1
Enforced Strong Password=no
Physical Switch Mgmt0 IP Address=
Physical Switch Mgmt0 IP Netmask=
Default Gateway=
Ipv6 value=0

Apply and save the configuration (select ‘n’ if you want to re-enter)? (yes/no): yes
Applying configuration. Please wait.

Launch the Firepower Chassis Manager Web Interface from browser using https://<chassis_mgmt_ip_address> [This is the IP address of the Firepower 9300 that you entered during initial configuration] and login

If you have more than one chassis configure it in the same way using different management IP address.

Factory Reset PaloAlto

Factory Reset PaloAlto


Connect to console port of PaloAlto device using Putty

Power on to reboot the device.
During the boot sequence, the screen should look like this:

Type maint to enter maintenance mode.

you will see a "CHOOSE PANOS" screen with the following options: PANOS (maint-other), PANOS (maint) or PANOS (sysroot0).
Please choose PANOS (maint). Press enter to continue.

Once in maintenance mode, the following is displayed, please press enter to Continue:

Arrow down to Factory Reset and press Enter to display the menu:

You will see the Image that will be used to perform the factory reset. Select Factory Reset and press Enter again:

Choose and select reboot when factory reset process is success.

NOTE: Please note that once reboot is complete you have to wait around 15 minutes login with default credentials in CLI .If you try immediately with default credentials it will be showing invalid credentials.so please wait...

default username : admin
default password : admin

You can verify everything is set to default by logging to web portal using the default credentials


Firepower 9300 - Changing the Management IP Address of Firepower Chassis

Changing the Management IP Address

Step 1   Connect to the FXOS CLI using putty
Step 2   To configure an IPv4 management IP address:

Set the scope for fabric-interconnect a:

Firepower-chassis# scope fabric-interconnect a

To view the current management IP address, enter the following command:

Firepower-chassis /fabric-interconnect # show

Enter the following command to configure a new management IP address and gateway:

Firepower-chassis /fabric-interconnect # set out-of-band ip 10.x.x.x netmask gw 10.x.x.x

Commit the transaction to the system configuration:

Firepower-chassis /fabric-interconnect* # commit-buffer

Firepower 9300 - Setting the Date and Time on Firepower Chassis Manager

Setting the Date and Time using NTP server

Step 1   Choose Platform Settings > NTP.
Step 2   Under Set Time Source, click Use NTP Server and then enter the IP address or hostname of the NTP server you want to use in the NTP Server field.
Step 3   Click Save.

Setting the Date and Time Manually

Step 1   Choose Platform Settings > NTP.
Step 2   Under Set Time Source, click Set Time Manually.
Step 3   Click the Date/Hour/Time drop-down list and set the time
Step 4   Click Save.

You can click Get System Time to set the date and time to match what is configured on the computer you are using to connect to the Firepower Chassis Manager.

For both NTP and manual setting, If you modify the system time by more than 10 minutes, the system will log you out and you will need to log in to the Firepower Chassis Manager again.