Install WildFire Content Updates Directly from the Update Server

1. Verify connectivity from the appliance to the update server and identify the content update to install.

   1. Log in to the WildFire appliance and run the following command to display the current content version:

      admin@WF-500> show system info | match wf-content-version

   2. Confirm that the appliance can communicate with the Palo Alto Networks Update Server and view available updates:

      admin@WF-500> request wf-content upgrade check

      The command queries the Palo Alto Networks Update Server and provides information about available updates and identifies the version that is currently installed on the appliance.

      Version Size  Released on      Downloaded Installed 
      --------------------------------------------------- 
      2-253   57MB  2014/09/20 20:00:08 PDT no         no 
      2-39    44MB  2014/02/12 14:04:27 PST yes     current 

      If the appliance cannot connect to the update server, you will need to allow connectivity from the appliance to the Palo Alto Networks Update Server (updates.paloaltonetworks.com), or download and install the update using SCP as described in Install WildFire Content Updates from an SCP-Enabled Server.
2. Download and install the latest content update.

   1. Download the latest content update:

      admin@WF-500> request wf-content upgrade download latest

   2. View the status of the download:

      admin@WF-500> show jobs all

      You can run show jobs pending to view pending jobs. The following output shows that the download (job id 5) has finished downloading (Status FIN):

      Enqueued          ID  Type    Status Result Completed 
      --------------------------------------------------- 
      2014/04/22 03:42:20  5  Downld  FIN   OK   03:42:23 

   3. After the download is complete, install the update:

      admin@WF-500> request wf-content upgrade install version latest

      Run the show jobs all command again to monitor the status of the install.
3. Verify the content update.

   Run the following command and refer to the wf-content-version field:

   admin@WF-500> show system info

   The following shows an example output with content update version 2-253 installed:

   admin@WF-500> show system info 
   hostname: WildFire 
   ip-address: 10.5.164.245 
   netmask: 255.255.255.0 
   default-gateway: 10.5.164.1 
   mac-address: 00:25:90:c3:ed:56 
   vm-interface-ip-address: 192.168.2.2 
   vm-interface-netmask: 255.255.255.0 
   vm-interface-default-gateway: 192.168.2.1 
   vm-interface-dns-server: 192.168.2.1 
   time: Mon Apr 21 09:59:07 2014 
   uptime: 17 days, 23:19:16 
   family: m 
   model: WildFire 
   serial: abcd3333 
   sw-version: 6.1.0 
   wf-content-version: 2-253 
   wfm-release-date: 2014/08/20 20:00:08 
   logdb-version: 6.1.2 
   platform-family: m 

   Confirm that all services are running.

   admin@WF-500> show system software status

4. (Optional) Schedule content updates to be installed on a daily or weekly basis.

   When setting a schedule for content updates on WildFire appliances enrolled in a cluster, it is advisable to schedule WildFire content updates at different times on all nodes to ensure efficient availability of the cluster for sample processing.

   1. Schedule the appliance to download and install content updates:

      admin@WF-500# set deviceconfig system update-schedule wf-content recurring [daily | weekly] action [download-and-install | download-only]

      For example, to download and install updates daily at 8:00 am:

      admin@WF-500# set deviceconfig system update-schedule wf-content recurring daily action download-and-install at 08:00

   2. Commit the configuration

      admin@WF-500# commit