Tips for Content Updates
Here’s what you should do to reduce the chance that a content release might impact your network in an unexpected way.
Palo Alto Networks application and threat content releases undergo rigorous performance and quality assurance. However, because there are so many possible variables in a customer environment, there are rare occasions where a content release might impact a network in an unexpected way. Follow these tips to mitigate or troubleshoot an issue with a content release, so that there is as little impact to your network as possible.
Follow the Best Practices for Application and Threat Content Updates
Review and implement the Best Practices for Application and Threat Content Updates. How you choose to deploy content updates might depend on your network security and application availability requirements.
Get the Latest Content Update
Get the latest content update, if you haven’t configured the firewall to download and install it automatically.
The firewall validates that downloaded content updates are still Palo Alto Networks-recommended at the time of installation. This check, which the firewall performs by default, is helpful in cases where content updates are downloaded from the Palo Alto Networks update server (either manually or on a schedule) ahead of installation. Because there are rare instances where Palo Alto Networks removes a content update from availability, this option prevents the firewall from installing a content update that Palo Alto Networks has removed, even if the firewall has already downloaded it. If you see an error message that the content update you’re attempting to install is no longer valid, click Check Now to get the most recent content update and install that version instead (Device > Dynamic Updates).
Turn On Threat Intelligence Telemetry
Turn on the threat intelligence telemetry that the firewall sends to Palo Alto Networks. We use telemetry data to identify and troubleshoot issues with content updates.
Telemetry data helps us to quickly recognize a content update that is impacting firewall performance or security policy enforcement in unexpected ways, across the Palo Alto Networks customer base. The more quickly we can identify an issue, the more quickly we can help you to avoid the issue altogether or mitigate impact to your network.
To enable the firewall to collect and share telemetry data with Palo Alto Networks:
- Select Device > Setup > Telemetry.
- Edit the Telemetry settings and Select All.
- Click OK and Commit to save your changes.
Forward Palo Alto Networks Content Update Alerts to the Right People
Enable log forwarding for Palo Alto Networks critical content alerts, so that important messages about content release issues go directly to the appropriate personnel.
Palo Alto Networks can now issue alerts about content update issues directly to the firewall web interface or—if you have log forwarding enabled—to the external service you use for monitoring. Critical content alerts describe the issue so that you can understand how it affects you, and include steps to take action if needed.
In the firewall web interface, critical alerts about content issues are displayed similarly to the Message of the Day. When Palo Alto Networks issues a critical alert about a content update, the alert is displayed by default when you log into the firewall web interface. If you’re already logged into the firewall web interface, an exclamation mark appears over the message icon on the menu bar located at the bottom of the web interface; click the message icon to view the alert.
Critical content update alerts are also logged as system log entries with the Type dynamic-updates and the Event palo-alto-networks-message. Use the following filter to view these log entries: (subtype eq dynamic-updates) and (eventid eq palo-alto-networks-message).
PAN-OS 8.1.2 changed the log type for critical content alerts from general to dynamic-updates. If you’re using PAN-OS 8.1.0 or PAN-OS 8.1.1, critical content alerts are logged as system log entries with the Type general and the Event palo-alto-networks-message, and you should set up forwarding for these alerts using the following filter: (subtype eq general) and (eventid eq palo-alto-networks-message).
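A forwarding filter written for the wrong release matches nothing, so critical content alerts are silently never forwarded. The following added example (not Palo Alto Networks code) audits a constructed inventory against the two filters above; the firewall names, the inventory layout, and the assumption that releases after 8.1.2 keep the dynamic-updates type are illustrative.

```python
import re

EVENT_ID = "palo-alto-networks-message"
TERM = re.compile(r"\(\s*(\w+)\s+eq\s+([\w-]+)\s*\)")

def expected_subtype(version):
    """System-log subtype carrying critical content alerts on this release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    release = tuple(int(p) for p in m.groups())
    if release in ((8, 1, 0), (8, 1, 1)):
        return "general"
    if release >= (8, 1, 2):   # assumption: later releases keep the 8.1.2 type
        return "dynamic-updates"
    return None                # earlier releases are not covered by this page

def parse_filter(text):
    """Parse a conjunction of '(field eq value)' terms; other operators are ignored."""
    return dict(TERM.findall(text))

def audit(fleet):
    """Return (firewall, problem) for filters that would miss critical alerts."""
    findings = []
    for name, version, filter_text in fleet:
        want = expected_subtype(version)
        terms = parse_filter(filter_text)
        if want is None:
            findings.append((name, "release not covered"))
        elif terms.get("eventid") != EVENT_ID:
            findings.append((name, f"eventid must be {EVENT_ID}"))
        elif terms.get("subtype") != want:
            findings.append((name, f"subtype must be {want}"))
    return findings

# Constructed inventory: (hypothetical name, PAN-OS version, forwarding filter).
FLEET = [
    ("fw-edge-01", "8.1.2", "( subtype eq dynamic-updates) and ( eventid eq palo-alto-networks-message)"),
    ("fw-branch-02", "8.1.1", "(subtype eq dynamic-updates) and (eventid eq palo-alto-networks-message)"),
    ("fw-dc-03", "8.1.0", "(subtype eq general) and (eventid eq palo-alto-networks-message)"),
    ("fw-lab-04", "8.1.6", "(subtype eq general) and (eventid eq palo-alto-networks-message)"),
]

if __name__ == "__main__":
    for name, problem in audit(FLEET):
        print(f"{name}: {problem}")
```

Run the audit again after every PAN-OS upgrade that crosses 8.1.2, because the filter that matched before the upgrade stops matching afterwards.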
If Needed, Use Panorama to Roll Back to an Earlier Content Release
After being notified about an issue with a content update, you can use Panorama to quickly revert managed firewalls to the last content update version, instead of manually reverting the content version for individual firewalls: Revert Content Updates on Managed Firewalls.