PAN-OS - Firewall Upgrade Readiness Checks
This Playbook is part of the PAN-OS by Palo Alto Networks Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
This playbook uses the PAN-OS integration to check NGFW device conditions that can affect its readiness to perform a PAN-OS upgrade. Included checks examine the following:
- Available disk space for the target version (base image and release image)
- Presence of any uncommitted configuration changes
- Whether the device has an active Support license
- Whether NTP is configured and synced
- Whether the latest App/Threat dynamic update is installed
- For devices in HA groups, check that devices in the group have:
- App/Threat, AntiVirus, and GlobalProtect Client are at the same level and compatible for HA failover
- Running configuration synchronized among peers
Playbook output includes a register of the checks performed, a brief description, and their result.
NOTE: This playbook is intended for use with a single PAN-OS Integration Instance.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
This playbook does not use any sub-playbooks.
Integrations#
- Panorama
Scripts#
- JsonToTable
- PAN-OS-GetAvailablePANOSSoftware
- PAN-OS-GetDeviceDiskSpace
- PrintErrorEntry
- Set
Commands#
- pan-os
- pan-os-check-dynamic-updates-status
- pan-os-platform-get-system-info
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| targetDevice | Serial Number of the firewall to check upgrade readiness for. | Required | |
| targetVersion | The target PAN-OS version to check upgrade readiness for. | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| ReadinessChecks | List of upgrade readiness checks performed and their result (Passed/Failed). | unknown |
Playbook Image#
