Our current main cluster is an Active/Passive pair running 9.1.11-h1. My plan is to upgrade this to 10.1.8-h2 this weekend to get it up to spec with the rest of our firewalls and Panorama.
Reading the upgrade process tech doc, Palo is saying to fail over and upgrade the current Active/primary member first. Everything else I’m reading says to start with the secondary/passive member, and that is how I would have done it previously with Check Point firewalls. Is there a specific reason for Palo stating to do it this way when everywhere else I’m reading mentions starting with the passive member first?
No idea, maybe to reduce the number of "flaps"?
I'd personally also upgrade secondary first, swap HA, upgrade primary, swap back
Upgrade secondary to next os, swap, upgrade primary, swap, job done, have beer