Use the following workflow to upgrade the WildFire appliance operating system. If you want to upgrade an appliance that is part of a WildFire cluster, see Upgrade WildFire Appliances in a Cluster. The appliance can only use one environment at a time to analyze samples, so after upgrading the appliance, review the list of available VM images and then choose the image that best fits your environment. In the case of Windows 7, if your environment has a mix of Windows 7 32-bit and Windows 7 64-bit systems, it is recommended that you choose the Windows 7 64-bit image, so WildFire will analyze both 32-bit and 64-bit PE files. Although you configure the appliance to use one virtual machine image configuration, the appliance uses multiple instances of the image to perform file analyses.
Depending on the number of samples the WildFire appliance has analyzed and stored, the time required to upgrade the appliance software varies; this is because upgrading requires the migration of all malware samples and 14 days of benign samples. Allow 30 to 60 minutes to upgrade a WildFire appliance that you have used in a production environment.
The following procedure uses an example filename from a PAN-OS 10.2.2 release. The exact filename for the release you install on your WildFire appliance may differ based on the specific release.
Stop firewalls from forwarding any new samples to the WildFire appliance.
Log in to the firewall web interface.
Select Device > Setup > WildFire and edit General Settings.
Clear the WildFire Private Cloud field.
Click OK and Commit.
Confirm that analysis for samples the firewalls already submitted to the appliance is complete:
admin@WF-500> show wildfire latest samples
If you do not want to wait for the WildFire appliance to finish analyzing recently-submitted samples, you can continue to the next step. However, consider that the WildFire appliance then drops pending samples from the analysis queue.
Install the latest WildFire appliance content update.
This update equips the appliance with the latest threat information
to accurately detect malware.
This process can take up to 6 hours or more on older
appliances.
Verify that you are running the latest content
update on your WildFire appliance.
admin@WF-500> request wf-content upgrade check
Download the latest WildFire content update package.
Palo Alto Networks periodically updates the VM image
files; as a result, the specific filename changes based on the version that
is available. Be sure to download the latest version, whereby the
m-x.x.x in the filename indicates the release number; additionally,
there is a release date that can be cross-referenced to help determine
the latest version.
WFWinXpAddon3_m-1.0.1.xpaddon3
WFWinXpGf_m-1.0.1.xpgf
WFWin7_64Addon1_m-1.0.1.7_64addon1
WFWin10Base_m-1.0.1.10base
Upload the VM images to the WildFire appliance.
Import the VM image from the SCP server:
admin@WF-500> scp import wildfire-vm-image from <username@ip_address>/<folder_name>/<vm_image_filename>
For example:
admin@WF-500> scp import wildfire-vm-image from user1@10.0.3.4:/tmp/WFWin7_64Addon1_m-1.0.1.7_64addon1
To check the status of the download, use the following command:
admin@WF-500> show jobs all
Repeat for the remaining VM images.
Install the VM image.
admin@WF-500> request system wildfire-vm-image upgrade install file <vm_image_filename>
Repeat for the remaining VM images.
Confirm that the VM images have been properly installed and enabled on the WildFire appliance.
(Optional) View a list of available virtual machine images:
admin@WF-500> show wildfire vm-images
The output displays the available VM images.
Commit the configuration:
admin@WF-500# commit
View the active VM images by running the following command:
admin@WF-500> show wildfire status
Download the PAN-OS 10.2.2 software version to the WildFire
appliance.
You cannot skip any major release versions when upgrading
the WildFire appliance. For example, if you want to upgrade from
PAN-OS 6.1 to PAN-OS 7.1, you must first download and install PAN-OS
7.0.
The examples in this procedure demonstrate how to upgrade
to PAN-OS 10.2.2. Replace 10.2.2 with the appropriate target release
for your upgrade.
Download the 10.2.2 software version:
Direct Internet Connectivity:
admin@WF-500> request system software download version 10.2.2
To check the status of the download, use the following command:
Download the WildFire appliance software image file to be
installed to a computer running SCP server software.
Import the software image from the SCP server:
admin@WF-500> scp import software from <username@ip_address>/<folder_name>/<imagefile_name>
For example:
admin@WF-500> scp import software from user1@10.0.3.4:/tmp/WildFire_m-10.2.2
To check the status of the download, use the following command:
admin@WF-500> show jobs all
Confirm that all services are running.
admin@WF-500> show system software status
Install the 10.2.2 software version.
admin@WF-500> request system software install version 10.2.2
Complete the software upgrade.
Confirm that the upgrade is complete. Run the following command and look for the job type Install and status FIN:
admin@WF-500> show jobs all
Enqueued  Dequeued  ID  Type     Status  Result  Completed
----------------------------------------------------------
02:42:36  02:42:36  5   Install  FIN     OK      02:43:02
Restart the appliance:
admin@WF-500> request restart system
The upgrade process could take 10 minutes or over an hour, depending on the number of samples stored on the WildFire appliance.
Check that the WildFire appliance is ready to resume
sample analysis.
Verify that the sw-version field shows 10.2.2:
admin@WF-500> show system info | match sw-version
Confirm that all processes are running:
admin@WF-500> show system software status
Confirm that the auto-commit (AutoCom) job is complete:
admin@WF-500> show jobs all
(Optional) Enable the VM image the WildFire appliance uses to perform analysis. Each available VM image represents a single operating system, and supports several different analysis environments based on that operating system.
If your network environment has a mix of Windows 7 32-bit and Windows 7 64-bit systems, it is recommended that you choose the Windows 7 64-bit image, so WildFire will analyze both 32-bit and 64-bit PE files.
vm-3 (Windows XP), vm-5 (Windows 7 64-bit), and vm-7 (Windows 10 64-bit) are the currently available analysis environments.
View the active virtual machine image by running the following command and refer to the Selected VM field:
admin@WF-500> show wildfire status
View a list of available virtual machine images:
admin@WF-500> show wildfire vm-images
The following output shows that vm-5 is the Windows 7 64-bit image:
vm-5 Windows 7 64bit, Adobe Reader 11, Flash 11, Office 2010. Support PE, PDF, Office 2010 and earlier
Set the image to be used for analysis:
admin@WF-500# set deviceconfig setting wildfire active-vm <vm-image-number>
For example, to use vm-5, run the following command:
admin@WF-500# set deviceconfig setting wildfire active-vm vm-5
And commit the configuration:
admin@WF-500# commit
Next steps:
(Optional) Upgrade firewalls to PAN-OS 10.2.2. See the firewall upgrade instructions included in the PAN-OS 10.2 New Features Guide. Firewalls running release versions earlier than PAN-OS 10.2.2 can still continue to forward samples to a WildFire appliance running 10.2.2.
(Troubleshooting) If you notice data migration issues or an error following the upgrade, restart the WildFire appliance to restart the upgrade process. Restarting the WildFire appliance will not cause data to be lost.
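The job checks in the procedure above (an Install job with status FIN before restarting, and a completed AutoCom job before resuming analysis) can be scripted against saved output of the show jobs all command. The Python below is an added example, not Palo Alto Networks code; the sample output is constructed from the column layout shown in the procedure, and the in-progress ACT/PEND row and all function names are assumptions.

```python
# Constructed sample of "show jobs all" output, using the column layout shown
# in the procedure. The ACT/PEND row is an assumed in-progress job.
SAMPLE_JOBS = """\
Enqueued Dequeued ID Type Status Result Completed
---------------------------------------------------
02:42:36 02:42:36 5 Install FIN OK 02:43:02
02:55:10 02:55:10 6 AutoCom ACT PEND 40%
"""

def parse_jobs(text):
    """Return one dict per job row, reading the last five columns from the right."""
    jobs = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, the dashed rule, blank lines and anything too short.
        if len(fields) < 5 or not fields[-5].isdigit():
            continue
        jobs.append({"id": int(fields[-5]), "type": fields[-4],
                     "status": fields[-3], "result": fields[-2],
                     "completed": fields[-1]})
    return jobs

def job_state(jobs, job_type):
    """Classify the newest job of a type: 'done', 'running', 'failed' or 'missing'."""
    matching = [j for j in jobs if j["type"] == job_type]
    if not matching:
        return "missing"
    latest = max(matching, key=lambda j: j["id"])
    if latest["status"] != "FIN":
        return "running"
    # A finished job only counts as done when its result is OK.
    return "done" if latest["result"] == "OK" else "failed"

def ready_to_proceed(jobs_text, required=("Install",)):
    """True only when every required job type finished with FIN and OK."""
    jobs = parse_jobs(jobs_text)
    return all(job_state(jobs, t) == "done" for t in required)

if __name__ == "__main__":
    parsed = parse_jobs(SAMPLE_JOBS)
    for job_type in ("Install", "AutoCom"):
        print(job_type, job_state(parsed, job_type))
    print("safe to restart:", ready_to_proceed(SAMPLE_JOBS))
    print("auto-commit complete:", ready_to_proceed(SAMPLE_JOBS, ("AutoCom",)))
```

A missing or unfinished job is treated the same as a failed one, so the check fails closed when the output is empty or truncated.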