End-of-Life (EoL)

Device > Dynamic Updates

  • Device > Dynamic Updates
  • Panorama > Dynamic Updates
Palo Alto Networks regularly posts updates for application detection, threat protection, and GlobalProtect data files through dynamic updates as follows:
  • Antivirus
    —Includes new and updated antivirus signatures, including WildFire signatures and automatically-generated command-and-control (C2) signatures. WildFire signatures detect malware first seen by firewalls from around the world. Automatically-generated C2 signatures detect certain patterns in C2 traffic (instead of the C2 server sending malicious commands to a compromised system); these signatures enable the firewall to detect C2 activity even when the C2 host is unknown or changes rapidly. You must have a Threat Prevention subscription to get these updates. New antivirus signatures are published daily.
  • Applications
    —Includes new and updated application signatures. This update does not require any additional subscriptions, but it does require a valid maintenance/support contract. New application updates are published weekly.
  • Applications and Threats
    —Includes new and updated application and threat signatures. This update is available if you have a Threat Prevention subscription (and in this case you will get this update instead of the Applications update). New Applications and Threats updates are published weekly, and you can set the firewall to retrieve the latest updates within 30 minutes of availability. You can also choose to install only the new threat signatures in a content release version. You are prompted with this option both when installing a content release and when setting the schedule to automatically install content release versions. This option allows you to benefit from new threat signatures immediately; you can then review the policy impact for new application signatures and make any necessary policy updates before enabling them.
  • GlobalProtect Data File
    —Contains the vendor-specific information for defining and evaluating host information profile (HIP) data returned by GlobalProtect agents. You must have a GlobalProtect gateway subscription in order to receive these updates. In addition, you must create a schedule for these updates before GlobalProtect will function.
  • GlobalProtect Clientless VPN
    —Contains new and updated application signatures to enable Clientless VPN access to common web applications from the GlobalProtect portal. You must have a GlobalProtect subscription to receive these updates. In addition, you must create a schedule for these updates before GlobalProtect Clientless VPN will function.
  • BrightCloud URL Filtering
    —Provides updates to the BrightCloud URL Filtering database only. You must have a BrightCloud subscription to get these updates. New BrightCloud URL database updates are published daily. If you have a PAN-DB license, scheduled updates are not required as firewalls remain in-sync with the servers automatically.
  • WildFire
    —Provides near real-time malware and antivirus signatures created as a result of the analysis done by the WildFire public cloud. WildFire signature updates are made available every five minutes. You can set the firewall to check for new updates as frequently as every minute to ensure that the firewall retrieves the latest WildFire signatures within a minute of availability. Without the WildFire subscription, you must wait 24 to 48 hours for the WildFire signatures to roll into the Applications and Threat update. Select
    Device
    Setup
    WildFire
    to enable
    WildFire Public Cloud
    analysis.
  • WF-Private
    —Provides near real-time malware and antivirus signatures created as a result of the analysis done by a WildFire appliance. To receive content updates from a WildFire appliance, the firewall and appliance must both be running PAN-OS 6.1 or a later release and the firewall must be configured to forward files and email links to the WildFire Private Cloud. Select Device > Setup > WildFire to enable WildFire Private Cloud analysis.
You can view the latest updates, read the release notes for each update, and then select the update you want to download and install. You can also revert to a previously installed version of an update.
If you are managing your firewalls using Panorama and want to schedule dynamic updates for one or more firewalls, see Schedule Dynamic Content Updates.
Dynamic Updates Options
Description
Version
Lists the versions that are currently available on the Palo Alto Networks Update Server. To check if a new software release is available from Palo Alto Networks, click
Check Now
. The firewall uses the service route to connect to the Update Server and checks for new content release versions and, if there are updates available, displays them at the top of the list.
Last checked
Displays the date and time that the firewall last connected to the update server and checked if an update was available.
Schedule
Allows you to schedule the frequency for retrieving updates.
You can define how often and when the dynamic content updates occur—the
Recurrence
and time—and whether to
Download Only
or to
Download and Install
the scheduled updates on the firewall.
When scheduling recurring downloads and installations for content updates, you can choose to
Disable new apps in content update
. This option enables protection against the latest threats, while giving you the flexibility to enable applications after preparing policy updates that might be necessary for applications that are newly-identified and possibly treated differently following the update. (To later enable applications that are automatically disabled for scheduled content updates, select
Apps, Threats
on the Dynamic Updates page or select
Objects
Applications
).
In rare instances, there can be an error in a content update. You can reduce the chance of being impacted by an unexpected issue by delaying updates to new versions until content updates are released for a specified number of hours. To delay updates to new content versions, add a
Threshold (hours)
value. For example, if you specify a threshold of 48 hours and your firewall is configured to download and install updates every hour, the firewall will query the update server every hour but will not download and install a new update until that update remains available for more than 48 hours.
File Name
List the filename; it includes the content version information.
Features
Lists what type of signatures the content version might include.
For Applications and Threats content release versions, this field might display an option to review
Apps, Threats
. Click this option to view new application signatures made available since the last content release version installed on the firewall. You can also use the
New Applications
dialog to
Enable/Disable
new applications. You might choose to disable a new application included in a content release if you want to avoid any policy impact from an application being uniquely identified (an application might be treated differently before and after a content installation if a previously unknown application is identified and categorized differently).
Type
Indicates whether the download includes a full database update or an incremental update.
Size
Displays the size of the content update package.
Release Date
The date and time Palo Alto Networks made the content release available.
Downloaded
A check mark in this column indicates that the corresponding content release version has been downloaded to the firewall.
Currently Installed
A check mark in this column indicates that the corresponding content release version is currently running on the firewall.
Action
Indicates the current action you can take for the corresponding software image as follows:
  • Download
    —The corresponding content release version is available on the Palo Alto Networks Update Server; click to
    Download
    the content release version. If the firewall does not have access to the internet, use an internet-connected computer to go to the Dynamic Updates site to look for and
    Download
    the content release version to your local computer. Then manually
    Upload
    the software image to the firewall. Additionally, downloading an Application and Threat content release version enables the option to
    Review Policies
    that are affected by new application signatures included with the release.
  • Review Policies
    (Application and Threat content only)—Review any policy impact for new applications included in a content release version. Use this option to assess the treatment an application receives both before and after installing a content update. You can also use the Policy Review dialog to add or remove a pending application (an application that is downloaded with a content release version but is not installed on the firewall) to or from an existing Security policy rule; policy changes for pending applications do not take effect until the corresponding content release version is installed.
  • Install
    —The corresponding content release version has been downloaded to the firewall; click to
    Install
    the update. When installing a new Applications and Threats content release version, you are prompted with the option to
    Disable new apps in content update
    . This option enables protection against the latest threats, while giving you the flexibility to enable applications after preparing any policy updates, due to the impact of new application signatures (to enable applications you have previously disabled, select
    Apps, Threats
    on the Dynamic Updates page or select
    Objects
    Applications
    ).
  • Revert
    —The corresponding content release version has been downloaded previously To reinstall the same version, click
    Revert
    .
Documentation
Provides a link to the release notes for the corresponding version.
delete_icon_device.png
Remove the previously downloaded content release version from the firewall.
Upload
If the firewall does not have access to the Palo Alto Networks Update Server, you can manually download dynamic updates from the Palo Alto Networks Support site in the Dynamic Updates section. After you download an update to your computer,
Upload
the update to the firewall. You then select
Install From File
and select the file you downloaded.
Install From File
After you manually upload an update file to the firewall, use this option to install the file. In the
Package Type
drop-down, select the type of update you are installing (
Application and Threats
,
Antivirus
, or
WildFire
), click
OK
, select the file you want to install and then click
OK
again to start the installation.

Recommended For You