Deploy Applications and Threats Content Updates
Take these steps to activate a Threat Prevention license and to set the schedule for a Palo Alto Networks next-gen firewall to get the latest Application and Threat signatures.
Before you take the steps to configure application and threat content updates, learn how Applications and Threats Content Updates work and decide how you want to implement Best Practices for Applications and Threats Content Updates.
Additionally, Panorama enables you to deploy content updates to firewalls easily and rapidly. If you’re using Panorama to manage firewalls, follow these steps to deploy content updates instead of the ones below.
- To unlock the full Applications and Threats content package, get a Threat Prevention license and activate the license on the firewall.
  - Select Device > Licenses.
  - Manually upload the license key or retrieve it from the Palo Alto Networks license server.
  - Verify that the Threat Prevention license is active.
- Set the schedule for the firewall to retrieve and install content updates. As you complete the following steps, it’s particularly important that you consider whether your organization is mission-critical or security-first (or a mix of both), and that you have reviewed the Best Practices for Applications and Threats Content Updates.
  - Select Device > Dynamic Updates.
  - Select the Schedule for Applications and Threat content updates.
  - Set how frequently (the Recurrence) the firewall checks with the Palo Alto Networks update server for new Applications and Threat content releases, and on what Day and Time.
  - Set the Action for the firewall to take when it finds and retrieves a new content release.
  - Set an installation Threshold for content releases. Content releases must be available on the Palo Alto Networks update server for at least this amount of time before the firewall can retrieve the release and perform the Action you configured in the previous step.
  - If yours is a mission-critical network, where you have zero tolerance for application downtime (application availability matters as much as having the latest threat prevention), you can set a New App-ID Threshold. The firewall only retrieves content updates that contain new App-IDs after they have been available for this amount of time.
  - Click OK to save the Applications and Threats content update schedule, and Commit.
- Set up log forwarding to send Palo Alto Networks critical content alerts to external services that you use for monitoring network and firewall activity. This ensures that the appropriate personnel are notified about critical content issues, so that they can take action as needed. Critical content alerts are logged as system log entries with the following Type and Event: `(subtype eq content) and (eventid eq palo-alto-networks-message)`.
- While scheduling content updates is a one-time or infrequent task, after you’ve set the schedule, you’ll need to continue to Manage New and Modified App-IDs that are included in content releases, as these App-IDs can change how security policy is enforced.
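The filter from the log forwarding step can also be applied on the receiving side, to pick critical content alerts out of forwarded system logs. This is an added example, not Palo Alto Networks code: the record layout (dictionaries keyed by `subtype` and `eventid`, the field names used in the filter), the sample records and the function names are assumptions, and only `eq` clauses joined by `and` are parsed.

```python
import re

# Filter string quoted from the page; everything else below is constructed.
CRITICAL_CONTENT_FILTER = "(subtype eq content) and (eventid eq palo-alto-networks-message)"

_CLAUSE = re.compile(r"\(\s*([\w-]+)\s+eq\s+([\w.-]+)\s*\)")
_AND = re.compile(r"\s+and\s+")

def parse_filter(expr):
    """Turn '(field eq value) and (...)' into [(field, value), ...].
    Other syntax raises ValueError rather than silently matching nothing."""
    clauses, pos = [], 0
    expr = expr.strip()
    while True:
        clause = _CLAUSE.match(expr, pos)
        if clause is None:
            raise ValueError(f"unsupported filter syntax at offset {pos}")
        clauses.append((clause.group(1), clause.group(2)))
        pos = clause.end()
        if pos == len(expr):
            return clauses
        joiner = _AND.match(expr, pos)
        if joiner is None:
            raise ValueError(f"expected 'and' at offset {pos}")
        pos = joiner.end()

def matches(record, clauses):
    """True when every clause equals the record's field; a missing field never matches."""
    return all(str(record.get(field, "")).strip() == value
               for field, value in clauses)

def critical_content_alerts(records, expr=CRITICAL_CONTENT_FILTER):
    """Return the forwarded system log records selected by the filter."""
    clauses = parse_filter(expr)
    return [r for r in records if matches(r, clauses)]

# Constructed sample records (hypothetical field layout and values).
SAMPLE_LOGS = [
    {"subtype": "content", "eventid": "palo-alto-networks-message",
     "description": "constructed critical content alert"},
    {"subtype": "content", "eventid": "example-other-event"},
    {"subtype": "general", "eventid": "palo-alto-networks-message"},
    {"subtype": "content"},  # eventid missing: must not match
]

if __name__ == "__main__":
    for alert in critical_content_alerts(SAMPLE_LOGS):
        print("ALERT:", alert["description"])
```

Rejecting unsupported filter syntax outright keeps a mistyped filter from quietly suppressing every alert.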