Automatically Check for and Install Content Updates (API)

Using the XML API, you can programmatically check and install new content updates, including antivirus, WildFire, and GlobalProtect updates. Check for new updates available and download updates that have been released for at least one week.
Download, upgrade, and installation requests are asynchronous. The API responds with a job ID while it processes your request. In your subsequent request, you use this job ID to check on the result of your original request:
curl -X GET "https://<firewall>/api/?type=op&cmd=<show><jobs><id></id></jobs></show>&key=<apikey>"
  1. Check for installed content on your firewall. Run the following request to view current system information:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>"
  2. Confirm that the API response to the request in the previous step includes the currently installed updates on your firewall:
    <response status="success"> <result> <system> <hostname>pm-firewall</hostname> <ip-address>10.47.0.8</ip-address> <netmask>255.255.254.0</netmask> <default-gateway>10.47.0.1</default-gateway> <is-dhcp>no</is-dhcp> <ipv6-address>unknown</ipv6-address> <ipv6-link-local-address>fe80::21b:17ff:feff:c04a/64</ipv6-link-local-address> <ipv6-default-gateway /> <mac-address>00:1b:17:ff:c0:4a</mac-address> <time>Mon Jul 11 17:51:37 2016</time> <uptime>11 days, 7:38:34</uptime> <devicename>pm-firewall</devicename> <family>3000</family> <model>PA-3020</model> <serial>001801000104</serial> <sw-version>7.1.3</sw-version> <global-protect-client-package-version>2.0.0</global-protect-client-package-version> <app-version>598-3427</app-version> <app-release-date>2016/07/09 22:30:55</app-release-date> <av-version>2416-2855</av-version> <av-release-date>2016/07/10 11:27:57</av-release-date> <threat-version>598-3427</threat-version> <threat-release-date>2016/07/09 22:30:55</threat-release-date> <wf-private-version>0</wf-private-version> <wf-private-release-date>unknown</wf-private-release-date> <url-db>paloaltonetworks</url-db> <wildfire-version>80426-81466</wildfire-version> <wildfire-release-date>2016/07/11 17:45:11</wildfire-release-date> <url-filtering-version>2016.07.11.248</url-filtering-version> <global-protect-datafile-version>1468280405</global-protect-datafile-version> <global-protect-datafile-release-date>2016/07/11 23:40:05</global-protect-datafile-release-date> <logdb-version>7.0.9</logdb-version> <platform-family>3000</platform-family> <vpn-disable-mode>off</vpn-disable-mode> <multi-vsys>on</multi-vsys> <operational-mode>normal</operational-mode> </system> </result> </response>
  3. Note the currently installed versions for the following updates, so that you can compare the values after you check for the latest updates:
    • global-protect-client-package-version: GlobaProtect
    • app-version: Application and threat signatures.
    • av-version: Antivirus signatures
    • wildfire-version: WildFire malware and antivirus signatures
  4. Check for new, available updates with the following requests and store the version field in the response, which is the
    version
    field for GlobalProtect, and the
    app-version
    field for all others:
    • GlobalProtect:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><global-protect-client><software><check></check></software></global-protect-client></request>&key=<apikey>"
    • WildFire:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><wildfire><upgrade><check></check></upgrade></wildfire></request>&key=<apikey>"
    • Application & Threat:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><content><upgrade><check></check></upgrade></content></request>&key=<apikey>"
    • Antivirus:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><anti-virus><upgrade><check></check></upgrade></anti-virus></request>&key=<apikey>"
    Example response:
    <response status="success"> <result> <sw-updates last-updated-at="2016/05/19 14:34:34"> <msg/> <versions> <entry> <version>4.0.0-c16</version> <filename>PanGP-4.0.0-c16</filename> <size>44</size> <size-kb>45321</size-kb> <released-on>2016/07/08 15:41:18</released-on> <release-notes> <![CDATA[ https://firewall/updates/ReleaseNotes.aspx?type=sw&versionNumber=4.0.0-c16&product=gpclient&platform=any ]
    ]> </release-notes> <downloaded>no</downloaded> <current>no</current> <latest>no</latest> <uploaded>no</uploaded> </entry> <!--TRUNCATED-->
    Take note of the
    released-on
    XML field to verify that updates have been released for at least a week.
  5. In your script or code, compare the version values for currently installed updates to new, available updates. It is recommended that you only install updates that have been available for at least a week.
  6. Download the latest content updates with these requests:
    • GlobalProtect:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><global-protect-client><software><download><version>versionnumber</version></download></software></global-protect-client></request>&key=<apikey>"
    • WildFire:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><wildfire><upgrade><download><latest></latest></download></upgrade></wildfire></request>&key=<apikey>"
    • Application & Threat:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><content><upgrade><download><latest></latest></download></upgrade></content></request>"
    • Antivirus:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><anti-virus><upgrade><download><latest></latest></download></upgrade></anti-virus></request>&key=<apikey>"
    The response contains a job ID that you can use to check on the status of the request. Example:
    <response status="success" code="19"> <result> <msg> <line>Content install job enqueued with jobid 299</line> </msg> <job>299</job> </result> </response>
  7. Install the latest content updates with these requests:
    • GlobalProtect:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><global-protect-client><software><install><version>versionnumber</version></install></software></global-protect-client></request>&key=<apikey>"
    • WildFire:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><wildfire><upgrade><install><version>latest</version></install></upgrade></wildfire></request>&key=<apikey>"
    • Application & Threat:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><content><upgrade><install>latest</latest></install></upgrade></content></request>&key=<apikey>"
    • Antivirus:
    curl -X GET "https://<firewall>/api/?type=op&cmd=<request><anti-virus><upgrade><install><version>latest</version></install></upgrade></anti-virus></request>&key=<apikey>"
    The response contains a job ID that you can use to check on the status of the request.

Recommended For You