Deploy Applications and Threats Content Updates
Take these steps to activate a Threat Prevention license and to set the schedule for a Palo Alto Networks next-gen firewall to get the latest Application and Threat signatures.
Before you take the steps to configure application and threat content updates, learn about how Applications and Threats Content Updates work and decide how you want to implement Best Practices for Applications and Threats Content Updates.
Additionally, Panorama enables you to deploy content updates to firewalls easily and rapidly. If you’re using Panorama to manage firewalls, follow these steps to deploy content updates instead of the ones below.
- To unlock the full Applications and Threats content
package, get a Threat Prevention license and activate the license on the firewall.
- Select DeviceLicenses.
- Manually upload the license key or retrieve it from the Palo Alto Networks license server.
- Verify that the Threat Prevention license is active.
- Set the schedule for the firewall to retrieve and install
content updates.As you complete the following steps, it’s particularly important that you consider whether your organization is mission-critical or security-first(or a mix of both), and that you have reviewed the Best Practices for Applications and Threats Content Updates.
- Select DeviceDynamic Updates.
- Select the Schedule for Applications and Threat content updates.
- Set how frequently (the Recurrence) the firewall checks with the Palo Alto Networks update server for new Applications and Threat content releases, and on what Day and Time.
- Set the Action for the firewall to take when it finds and retrieves a new content release.
- Set an installation Threshold for content releases. Content releases must be available on the Palo Alto Networks update server at least this amount of time before the firewall can retrieve the release and perform the Action you configured in the last step.
- If yours is a mission-critical network, where you have zero tolerance for application downtime (application availability is tantamount even to the latest threat prevention), you can set a New App-ID Threshold. The firewall only retrieves content updates that contain new App-IDs after they have been available for this amount of time.
- Click OK to save the Applications and Threats content update schedule, and Commit.
- Set up log forwarding to send Palo Alto Networks critical content alerts to external services that you use for monitoring network and firewall activity. This allows you to ensure that the appropriate personnel is notified about critical content issues, so that they can take action as needed. Critical content alerts are logged as system log entries with the following Type and Event: (subtype eq content) and (eventid eq palo-alto-networks-message).
- While scheduling content updates is a one-time or infrequent task, after you’ve set the schedule, you’ll need to continue to Manage New and Modified App-IDs that are included in content releases, as these App-IDs can change how security policy is enforced.
Workflow to Best Incorporate New and Modified App-IDs
Workflow to Best Incorporate New and Modified App-IDs Refer to this master workflow to first set up Application and Threat content updates, and then to ...
Applications and Threat Updates
Applications and Threats content updates equip Palo Alto Networks next-gen firewalls with the very latest threat prevention and application identification technology. ...
Best Practices for Application and Threat Content Updates
Learn the best practices for keeping application and threat content signatures up-to-date seamlessly. ...
Best Practices for Content Updates—Mission-Critical
Follow these best practices to deploying content updates in a mission-critical network, where application availability is top priority. ...
Streamlined Panorama Deployment for Application and Threat ...
Streamlined Panorama Deployment for Application and Threat Content Updates When using Panorama to deploy content updates to managed firewalls, you can now more easily configure ...
Best Practices for Content Updates—Security-First
Follow these best practices to deploying content updates in a security-first network, where threat prevention is top priority. ...
App-ID To safely enable applications on your network, the Palo Alto Networks next-generation firewalls provide both an application and web perspective—App-ID and URL Filtering—to protect ...
Install Content and Software Updates
Install Content and Software Updates To ensure that you are always protected from the latest threats (including those that have not yet been discovered), you ...
Disable and Enable App-IDs
Disable and Enable App-IDs You can disable all App-IDs introduced in a content release if you want to immediately benefit from the latest threat prevention, ...