Automatic Content Push for VM-Series and CN-Series Firewalls
Table of Contents
10.2
Expand all | Collapse all
-
- CN-Series Firewall as a Kubernetes CNF
- High Availability Support for CN-Series Firewall as a Kubernetes CNF
- High Availability Support for CN-Series Firewall on AWS EKS
- DPDK Support for CN-Series Firewall
- Daemonset(vWire) IPv6 Support
- Panorama Plugin for Kubernetes 3.0.0
- L3 IPV4 Support for CN-Series
- 47 Dataplane Cores Support for VM-Series and CN-Series Firewalls
- Memory Scaling of the VM-Series Firewall
Automatic Content Push for VM-Series and CN-Series Firewalls
Automatically push dynamic content updates to VM-Series
and CN-Series firewalls on first connection to the Panorama™ management
server.
PAN-OS 10.2 introduces the ability to automatically push the latest Antivirus and Applications
and Threats content updates on first connection when onboarding a new VM-Series and CN-Series firewall to the Panorama™
management server. When leveraging auto-scale, enabling this setting allows you to
maintain existing images for VM-Series and CN-Series firewalls leveraging dynamic
content in their configurations, such as in policies and App-ID. This helps
eliminate the operational overhead required to update VM-Series and CN-Series
firewall images when new dynamic content update versions are introduced.
Panorama attempts to push the installed dynamic content updates on the first
connection only and does not attempt any subsequent pushes if the initial push fails
for any reason.
For example, you add a VM-Series firewall to Panorama
management and enable
Auto Push on 1st Connect
to
automatically push the device group and template stack configuration to the
VM-Series firewall on first connection. However, the template stack contains an
invalid configuration and the push to the VM-Series firewall fails. In this
scenario, the automatic content push to the VM-Series firewall also fails because
the configuration push and dynamic content version push are included in the same
push operation to the VM-Series firewall.VM-Series
firewalls deployed on NSX and hardware firewalls are not
supported.
- Install the latest dynamic content updates on Panorama.This is required to automatically push the Antivirus and Applications and Threats content updates. Panorama only the Antivirus and Applications and Threats versions it has installed to VM-Series and CN-Series firewalls.
- Configure Panorama to automatically push the latest dynamic content updates to VM-Series and CN-Series firewalls on first connection.This step assumes you have already configured a template stack for your VM-Series and CN-Series firewall configuration.
- Selectand click the template stack that contains the VM-Series and CN-Series firewall configuration.PanoramaTemplates
- Check (enable)Automatically push content when software device registers to Panorama.
- ClickOK.
- CommitandCommit to Panorama.
- When adding the VM-Series or CN-Series firewall to Panorama management, be sure toAssociate Devicesand assign the firewalls to the Template Stack where you enabled Panorama to automatically push the dynamic content updates installed on Panorama to the firewalls on first connection.Panorama does not push the installed dynamic content updates if the VM-Series or CN-Series firewall is not assigned to a Template Stack prior to first connection.
- Verify the dynamic content version installed on the firewall.
- Selectand locate the managed firewalls you added.PanoramaManaged DevicesSummary
- Verify the Device State isConnected.
- Verify the Antivirus and Apps and Threat versions match the versions installed on Panorama.