Install Content and Software Updates

To ensure that you are always protected from the latest threats (including those that have not yet been discovered), you must ensure that you keep your firewalls up-to-date with the latest content and software updates published by Palo Alto Networks.
The following content updates are available, depending on which subscriptions you have:
  • Antivirus
    —Includes new and updated antivirus signatures, including WildFire signatures and automatically-generated command-and-control (C2) signatures. WildFire signatures detect malware first seen by firewalls from around the world. Automatically-generated C2 detect certain patterns in C2 traffic (instead of the C2 server sending malicious commands to a compromised system); these signatures enable the firewall to detect C2 activity even when the C2 host is unknown or changes rapidly. You must have a Threat Prevention subscription to get these updates. New antivirus signatures are published daily.
  • Applications
    —Includes new and updated application signatures. This update does not require any additional subscriptions, but it does require a valid maintenance/support contract. New applications are published once monthly, and modified applications are published weekly. To best deploy application updates to ensure application availability, be sure to follow the Best Practices for Application and Threat Content Updates.
  • Applications and Threats
    —Includes new and updated application and threat signatures, including those that detect spyware and vulnerabilities. This update is available if you have a Threat Prevention subscription (and you get it instead of the Applications update). New and modified threat signatures and modified applications signatures are published weekly; new application signatures are published once monthly. The firewall can retrieve the latest update within 30 minutes of availability. To best deploy application and threat updates based on your security and application availability needs, be sure to follow the Best Practices for Application and Threat Content Updates.
  • GlobalProtect Data File
    —Contains the vendor-specific information for defining and evaluating host information profile (HIP) data returned by GlobalProtect apps. You must have a GlobalProtect license (subscription) and create an update schedule in order to receive these updates.
  • GlobalProtect Clientless VPN
    —Contains new and updated application signatures to enable Clientless VPN access to common web applications from the GlobalProtect portal. You must have a GlobalProtect license (subscription) and create an update schedule in order to receive these updates and enable Clientless VPN to function.
  • WildFire
    —Available with a WildFire subscription, this update provides near real-time malware and antivirus signatures created as a result of the analysis done by the WildFire cloud service. As a best practice, schedule the firewall to retrieve and WildFire updates every minute (this allows the firewall to get the latest signatures within a minute of availability). If you have a Threat Prevention subscription and not a WildFire subscription, you must wait 24 to 48 hours for the WildFire signatures to roll into the antivirus update.
  • WF-Private
    —Provides malware signatures generated by an on-premise WildFire appliance.
Follow the steps to install content and software updates.
  1. Ensure that the firewall has access to the update server.
    1. By default, the firewall accesses the
      Update Server
      so that the firewall receives content updates from the server to which it is closest. If your firewall has limited access to the Internet, it might be necessary to configure your allow list to enable access to servers involved in update downloads. For more information about content update servers, refer to Content Delivery Network Infrastructure for Dynamic Updates. If you want additional reference information or are experiencing connectivity and update download issues, please refer to
      If your device is located in mainland China, Palo Alto Networks recommends using the
      server for update downloads.
    2. (
      ) Click
      Verify Update Server Identity
      for an extra level of validation to enable the firewall to check that the server’s SSL certificate is signed by a trusted authority. This is enabled by default.
    3. (
      ) If the firewall needs to use a proxy server to reach Palo Alto Networks update services, in the
      Proxy Server
      window, enter:
      • Server
        —IP address or host name of the proxy server.
      • Port
        —Port for the proxy server. Range: 1-65535.
      • User
        —Username to access the server.
      • Password
        —Password for the user to access the proxy server. Re-enter the password at
        Confirm Password
  2. Check for the latest content updates.
    Dynamic Updates
    and click
    Check Now
    (located in the lower left-hand corner of the window) to check for the latest updates. The link in the
    column indicates whether an update is available:
    • Download
      —Indicates that a new update file is available. Click the link to begin downloading the file directly to the firewall. After successful download, the link in the
      column changes from
    You cannot download the antivirus update until you have installed the Application and Threats update.
    • Revert
      —Indicates that a previously installed version of the content or software version is available. You can choose to revert to the previously installed version.
  3. Install the content updates.
    Installation can take up to 20 minutes on a PA-200 or PA-500 firewall and up to two minutes on a PA-5000 Series, PA-7000 Series, or VM-Series firewall.
    Click the
    link in the
    column. When the installation completes, a check mark displays in the
    Currently Installed
  4. Schedule each content update.
    Repeat this step for each update you want to schedule.
    Stagger the update schedules because the firewall can only download one update at a time. If you schedule the updates to download during the same time interval, only the first download will succeed.
    1. Set the schedule of each update type by clicking the
    2. Specify how often you want the updates to occur by selecting a value from the
      drop-down. The available values vary by content type (WildFire updates are available
      Every Minute
      Every 15 Minutes
      Every 30 minutes
      , or
      Every Hour
      whereas Applications and Threats updates can be scheduled for
      , or
      Every 30 Minutes
      and Antivirus updates can be scheduled for
      , or
      As new WildFire signatures are made available every five minutes, set the firewall to retrieve WildFire updates
      Every Minute
      to get the latest signatures within a minute of availability.
    3. Specify the
      and (or, minutes past the hour in the case of WildFire), if applicable depending on the
      value you selected,
      of the week that you want the updates to occur.
    4. Specify whether you want the system to
      Download Only
      or, as a best practice,
      Download And Install
      the update.
    5. Enter how long after a release to wait before performing a content update in the
      Threshold (Hours)
      field. In rare instances, errors in content updates may be found. For this reason, you may want to delay installing new updates until they have been released for a certain number of hours.
      If you have mission critical applications that must be 100% available, set the threshold for Applications or Applications and Threats updates to a minimum of 24 hours or more and follow the Best Practices for Application and Threat Content Updates.
    6. Click
      to save the schedule settings.
    7. Click
      to save the settings to the running configuration.
  5. Update PAN-OS.
    Always update content before updating PAN-OS. Every PAN-OS version has a minimum supported content release version.

Recommended For You