Deploy Applications and Threats Content Updates

Take these steps to activate a Threat Prevention license and to set the schedule for a Palo Alto Networks next-gen firewall to get the latest Application and Threat signatures.
Before you take the steps to configure application and threat content updates, learn about how Applications and Threats Content Updates work and decide how you want to implement Best Practices for Applications and Threats Content Updates.
Additionally, Panorama enables you to deploy content updates to firewalls easily and rapidly. If you’re using Panorama to manage firewalls, follow these steps to deploy content updates instead of the ones below.
  1. To unlock the full Applications and Threats content package, get a Threat Prevention license and activate the license on the firewall.
    1. Select DeviceLicenses.
    2. Manually upload the license key or retrieve it from the Palo Alto Networks license server.
    3. Verify that the Threat Prevention license is active.
  2. Set the schedule for the firewall to retrieve and install content updates.
    As you complete the following steps, it’s particularly important that you consider whether your organization is mission-critical or security-first(or a mix of both), and that you have reviewed the Best Practices for Applications and Threats Content Updates.
    1. Select DeviceDynamic Updates.
    2. Select the Schedule for Applications and Threat content updates.
    3. Set how frequently (the Recurrence) the firewall checks with the Palo Alto Networks update server for new Applications and Threat content releases, and on what Day and Time.
    4. Set the Action for the firewall to take when it finds and retrieves a new content release.
    5. Set an installation Threshold for content releases. Content releases must be available on the Palo Alto Networks update server at least this amount of time before the firewall can retrieve the release and perform the Action you configured in the last step.
    6. If yours is a mission-critical network, where you have zero tolerance for application downtime (application availability is tantamount even to the latest threat prevention), you can set a New App-ID Threshold. The firewall only retrieves content updates that contain new App-IDs after they have been available for this amount of time.
    7. Click OK to save the Applications and Threats content update schedule, and Commit.
  3. Set up log forwarding to send Palo Alto Networks critical content alerts to external services that you use for monitoring network and firewall activity. This allows you to ensure that the appropriate personnel is notified about critical content issues, so that they can take action as needed. Critical content alerts are logged as system log entries with the following Type and Event: (subtype eq content) and (eventid eq palo-alto-networks-message).
  4. While scheduling content updates is a one-time or infrequent task, after you’ve set the schedule, you’ll need to continue to Manage New and Modified App-IDs that are included in content releases, as these App-IDs can change how security policy is enforced.

Related Documentation