Install Content and Software Updates
To ensure that you are always protected from the latest threats (including those that have not yet been discovered), you must ensure that you keep your firewalls up-to-date with the latest content and software updates published by Palo Alto Networks.
The following content updates are available, depending on which subscriptions you have:
- Antivirus—Includes new and updated antivirus signatures, including signatures discovered by the WildFire cloud service. You must have a Threat Prevention subscription to get these updates. New antivirus signatures are published daily.
- Applications—Includes new and updated application signatures. This update does not require any additional subscriptions, but it does require a valid maintenance/support contract. New application updates are published weekly. To ensure that Application updates do not impact your existing policy, review the policy impact of new application updates (see Manage New App-IDs Introduced in Content Releases) and be sure to follow the Best Practices for Application and Threat Content Updates.
- Applications and Threats—Includes new and updated application and threat signatures. This update is available if you have a Threat Prevention subscription (and you get it instead of the Applications update). New Applications and Threats updates are published weekly. To ensure that Application updates do not impact your existing policy, review the policy impact of new application updates (see Manage New App-IDs Introduced in Content Releases) and be sure to follow the Best Practices for Application and Threat Content Updates.
- WildFire—Provides near real-time malware and antivirus signatures created as a result of the analysis done by the WildFire cloud service. To ensure that you get the latest signatures within a minute of availability, the best practice is to set the update schedule for WildFire to one minute. If you do not have a WildFire subscription, you must wait 24 to 48 hours for the signatures to roll into the antivirus update.
- GlobalProtect Data File—Contains the vendor-specific information for defining and evaluating host information profile (HIP) data returned by GlobalProtect agents. You must have a GlobalProtect gateway license and create an update schedule in order to receive these updates.
- BrightCloud URL Filtering—Provides updates to the BrightCloud URL Filtering database only. You must have a BrightCloud subscription to get these updates. New BrightCloud URL database updates are published daily. If you have a PAN-DB license, scheduled updates are not required as firewalls remain in-sync with the servers automatically.
- Ensure that the firewall has access to the update server.
- By default, the firewall accesses theUpdate Serveratupdates.paloaltonetworks.comso that the firewall receives content updates from the server to which it is closest in the CDN infrastructure. If the firewall has restricted access to the Internet, set the update server address to use the hostnamestaticupdates.paloaltonetworks.comor the IP address126.96.36.199instead of dynamically selecting a server from the CDN infrastructure.
- (Optional) ClickVerify Update Server Identityfor an extra level of validation to enable the firewall to check that the server’s SSL certificate is signed by a trusted authority.
- (Optional) If the firewall needs to use a proxy server to reach Palo Alto Networks update services, in theProxy Serverwindow, enter:
- Server—IP address or host name of the proxy server.
- Port—Port for the proxy server. Range: 1-65535.
- User—Username to access the server.
- Password—Password for the user to access the proxy server. Re-enter the password atConfirm Password.
- Check for the latest content updates.Selectand clickDeviceDynamic UpdatesCheck Now(located in the lower left-hand corner of the window) to check for the latest updates. The link in theActioncolumn indicates whether an update is available:
- Download—Indicates that a new update file is available. Click the link to begin downloading the file directly to the firewall. After successful download, the link in theActioncolumn changes fromDownloadtoInstall.You cannot download the antivirus update until you have installed the Application and Threats update.
- Upgrade—Indicates that a new version of the BrightCloud database is available. Click the link to begin the download and installation of the database. The database upgrade begins in the background; when completed a check mark displays in theCurrently Installedcolumn. Note that if you are using PAN-DB as your URL filtering database you will not see an upgrade link because the PAN-DB database on the firewall automatically synchronizes with the PAN-DB cloud.To check the status of an action, clickTasks(on the lower right-hand corner of the window).
- Revert—Indicates that a previously installed version of the content or software version is available. You can choose to revert to the previously installed version.
- Install the content updates.Installation can take up to 20 minutes on a PA-200, PA-500, or PA-2000 Series firewall and up to two minutes on a PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7000 Series, or VM-Series firewall.Click theInstalllink in theActioncolumn. When the installation completes, a check mark displays in theCurrently Installedcolumn.
- Schedule each content update.Repeat this step for each update you want to schedule.Although you can manually install content updates, the best practice is to schedule content updates so that they get downloaded and installed automatically. When scheduling the updates, be sure to stagger the update schedules because the firewall can only download one update at a time. If you schedule the updates to download during the same time interval, only the first download will succeed.
- Set the schedule of each update type by clicking theNonelink.
- Specify how often you want the updates to occur by selecting a value from theRecurrencedrop-down. The available values vary by content type (WildFire updates are availableEvery Minute,Every 15 Minutes,Every 30 minutes, orEvery Hourwhereas Applications and Threats updates can be scheduled forDailyorWeeklyupdate and Antivirus updates can be scheduled forHourly,Daily, orWeekly).As new WildFire signatures are made available every five minutes, set the firewall to retrieve WildFire updatesEvery Minuteto get the latest signatures within a minute of availability.
- Specify theTimeand (or, minutes past the hour in the case of WildFire), if applicable depending on theRecurrencevalue you selected,Dayof the week that you want the updates to occur.
- Specify whether you want the system toDownload Onlyor, as a best practice,Download And Installthe update.
- Enter how long after a release to wait before performing a content update in theThreshold (Hours)field. In rare instances, errors in content updates may be found. For this reason, you may want to delay installing new updates until they have been released for a certain number of hours.If you have mission critical applications that must be 100% available, set the threshold for Applications or Applications and Threats updates to a minimum of 24 hours and follow the Best Practices for Application and Threat Content Updates.
- ClickOKto save the schedule settings.
- ClickCommitto save the settings to the running configuration.
Recommended For You
Recommended videos not found.