Dynamic Content Updates
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.1
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Dynamic Content Updates
Palo Alto Networks frequently publishes updates to equip
the firewall with the latest threat prevention and intelligence.
Palo Alto Networks frequently publishes
updates that the firewall can use to enforce security policy, without
requiring you to upgrade PAN-OS software or change the firewall
configuration. These updates equip the firewall with the very latest
security features and threat intelligence.
Except for application updates and some antivirus
updates—which any firewall can receive—dynamic content updates available
to you might depend on your subscriptions. You can
set a schedule for each dynamic content update to define the frequency
at which the firewall checks for and downloads or installs new updates
(DeviceDynamic Updates).
Dynamic Content Update | What’s in this package? |
---|---|
Antivirus | Antivirus updates are released every 24 hours
and include:
|
Applications | Application updates provide new and modified
application signatures, or App-IDs. This update does
not require any additional subscriptions, but it does require a
valid maintenance/support contract. New application updates are
published only on the third Tuesday of every month, to give you
time to prepare any necessary policy updates in advance. In
rare cases, publication of the update that contains new App-IDs
may be delayed one or two days. Modifications to App-IDs
are released more frequently. While new and modified App-IDs enable
the firewall to enforce your security policy with ever-increasing
precision, resulting changes in security policy enforcement that
can impact application availability. To get the most out of application updates,
follow our tips to Manage New and Modified App-IDs. |
Applications and Threats | Includes new and updated application and
threat signatures. This update is available if you have a Threat
Prevention subscription (in this case, you will get this update
instead of the Applications update). New threat updates are published
frequently, sometimes several times a week, along with updated App-IDs.
New App-IDs are published only on the third Tuesday of every month. In
rare cases, publication of the update that contains new App-IDs
may be delayed one or two days. The firewall can retrieve
the latest threat and application updates within as little as 30
minutes of availability. For guidance on how to best enable
application and threat updates to ensure both application availability
and protection against the latest threats, review the Best Practices for Applications and Threats Content Updates. |
Device Dictionary | The device dictionary is an XML file for
firewalls to use in Security policy rules based on Device-ID. It contains
entries for various device attributes and is completely refreshed
on a regular basis and posted as a new file on the update server.
If there are any changes to a dictionary entry, a revised file will
be posted on the update server so that Panorama and firewalls will
automatically download and install it the next time they check the
update server, which they do automatically every two hours. |
GlobalProtect Data File | Contains the vendor-specific information
for defining and evaluating host information profile (HIP) data
returned by GlobalProtect apps. You must have a GlobalProtect gateway
subscription in order to receive these updates. In addition, you
must create a schedule for these updates before GlobalProtect will
function. |
GlobalProtect Clientless VPN | Contains new and updated application signatures
to enable Clientless VPN access to common web applications from
the GlobalProtect portal. You must have a GlobalProtect subscription
to receive these updates. In addition, you must create a schedule
for these updates before GlobalProtect Clientless VPN will function.
As a best practice, it is recommended to always install the latest
content updates for GlobalProtect Clientless VPN. |
WildFire | Provides access to malware and antivirus
signatures generated by the WildFire public cloud in real-time.
Optionally, you can configure PAN-OS to retrieve WildFire signature
update packages instead. You can set the firewall to check for new
updates as frequently as every minute to ensure that the firewall
retrieves the latest WildFire signatures within a minute of availability.
Without the WildFire subscription, you must wait at least 24 hours
for the signatures to be provided in the Antivirus update. |
WF-Private | Provides near real-time malware and antivirus
signatures created as a result of the analysis done by a WildFire
appliance. To receive content updates from a WildFire appliance,
the firewall and appliance must both be running PAN-OS 6.1 or a
later release and the firewall must be configured to forward files
and email links to the WildFire Private Cloud. |