An efficient tool to execute configuration backups, network state snapshots, system readiness checks, and operating system upgrades of Palo Alto Networks firewalls and Panorama appliances.
Is your feature request related to a problem? Please describe.
Currently, the pan-os-upgrade tool only supports HA upgrades for active/passive configurations. This limitation prevents users from efficiently upgrading their PAN-OS devices in active/active HA setups, requiring manual intervention and increasing the risk of errors.
Describe the solution you'd like
We propose adding support for active/active HA upgrades to the pan-os-upgrade tool. The enhanced feature should:
Recognize and handle different HA status types, including active-primary, active-secondary, and Tentative.
Account for the HA3 interface, which is unique to active/active HA configurations.
Implement the proper active/active HA upgrade workflow, ensuring a smooth and automated upgrade process.
To achieve this, the following steps should be taken:
Research and document the active/active HA upgrade workflow.
Modify the existing codebase to detect and handle active/active HA configurations.
Implement logic to manage the HA3 interface during the upgrade process.
Thoroughly test the new feature to ensure compatibility with various active/active HA setups.
Describe alternatives you've considered
One alternative could be to create a separate subcommand specifically for active/active HA upgrades. However, this would require users to maintain and use multiple upgrade workflows, leading to increased complexity and potential confusion. Integrating the active/active HA upgrade feature into the existing pan-os-upgrade batch subcommand is a more streamlined and user-friendly approach.
Additional context
The addition of active/active HA upgrade support will greatly enhance the usability and versatility of the pan-os-upgrade tool. This feature will benefit organizations running PAN-OS devices in active/active HA configurations, allowing them to automate their upgrade process and reduce the risk of human error. By encompassing both active/passive and active/active HA upgrades, pan-os-upgrade will become a comprehensive solution for upgrading PAN-OS devices in various HA setups.
Is your feature request related to a problem? Please describe. Currently, the pan-os-upgrade tool only supports HA upgrades for active/passive configurations. This limitation prevents users from efficiently upgrading their PAN-OS devices in active/active HA setups, requiring manual intervention and increasing the risk of errors.
Describe the solution you'd like We propose adding support for active/active HA upgrades to the pan-os-upgrade tool. The enhanced feature should:
To achieve this, the following steps should be taken:
Describe alternatives you've considered One alternative could be to create a separate subcommand specifically for active/active HA upgrades. However, this would require users to maintain and use multiple upgrade workflows, leading to increased complexity and potential confusion. Integrating the active/active HA upgrade feature into the existing pan-os-upgrade batch subcommand is a more streamlined and user-friendly approach.
Additional context The addition of active/active HA upgrade support will greatly enhance the usability and versatility of the pan-os-upgrade tool. This feature will benefit organizations running PAN-OS devices in active/active HA configurations, allowing them to automate their upgrade process and reduce the risk of human error. By encompassing both active/passive and active/active HA upgrades, pan-os-upgrade will become a comprehensive solution for upgrading PAN-OS devices in various HA setups.