Applications and Threats Content Updates
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.1
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Applications and Threats Content Updates
Applications and Threats content updates equip Palo Alto
Networks next-gen firewalls with the very latest threat prevention
and application identification technology.
Applications and Threats content updates deliver the
very latest application and threat signatures to the firewall. The
applications portion of the package includes new and modified App-IDs
and does not require a license. The full Applications and Threats
content package, which also includes new and modified threat signatures, requires
a Threat Prevention license. As the firewall automatically retrieves
and installs the latest application and threat signatures (based
on your custom settings), it starts enforcing security policy based
on the latest App-IDs and threat protection without any additional
configuration.
New and modified threat signatures and modified App-IDs are released
at least weekly and, often, more frequently. New App-IDs are released
on the third Tuesday of every month.
In rare cases, publication of the update that contains
new App-IDs may be delayed one or two days.
Because new App-IDs can change how the security policy enforces
traffic, this more limited release of new App-IDs is intended to
provide you with a predictable window in which you can prepare and
update your security policy. Additionally, content updates are cumulative;
this means that the latest content update always includes the application
and threat signatures released in previous versions.
Because application and threat signatures are delivered in a
single package—the same decoders that enable application signatures
to identify applications also enable threat signatures to inspect
traffic—you need to consider whether you want to deploy the signatures
together or separately. How you choose to deploy content updates
depends on your organization’s network security and application
availability requirements. As a starting point, identify your organization
as having one of the following postures (or perhaps both, depending
on firewall location):
- An organization with a security-first posture prioritizes protection using the latest threat signatures over application availability. You’re primarily using the firewall for its threat prevention capabilities. Any changes to App-ID that impact how security policy enforces application traffic is secondary.
- A mission-critical network prioritizes application availability over protection using the latest threat signatures. Your network has zero tolerance for downtime. The firewall is deployed inline to enforce security policy and if you’re using App-ID in security policy, any change a content releases introduces that affects App-ID could cause downtime.
You can take a mission-critical or security-first approach to
deploying content updates, or you can apply a mix of both approaches
to meet the needs of the business. Review and consider Best Practices for Applications and Threats Content Updates to decide
how you want to implement application and threat updates. Then:
While scheduling content updates is a
one-time or infrequent task, after you’ve set the schedule, you’ll
need to continue to Manage New and Modified App-IDs that
are included in content releases, as these App-IDs can change how security
policy is enforced.