Tools to Avoid or Mitigate Content Update Issues
Palo Alto Networks Application and Threat Content Updates undergo rigorous performance and quality assurance; however, because there are so many possible variables in a customer environment, there are rare occasions where a content release might impact a network in a way that we did not foresee. The following features are intended to help both you and us avoid and mitigate an issue with a content release, so that there is as little impact to your network as possible.

Review the Best Practices for Application and Threat Content Updates for guidance on how to best deploy content updates based on your organization’s network security and application availability needs.
- The firewall can now validate that a downloaded content update is still Palo Alto Networks-recommended at the time of installation.
  This check, which the firewall performs by default, is helpful in cases where content updates are downloaded from the Palo Alto Networks update server (either manually or on a schedule) ahead of installation. Because there are rare instances where Palo Alto Networks removes a content update from availability, this option prevents the firewall from installing a content update that Palo Alto Networks has deprecated, even if the firewall has already downloaded it.
- The threat intelligence telemetry data that the firewall sends to Palo Alto Networks now includes information that Palo Alto Networks can use to identify and troubleshoot issues with content updates.
  This new telemetry data helps us to quickly recognize a content update that is impacting firewall performance or security policy enforcement in unexpected ways, across the Palo Alto Networks customer base. We can quickly determine the firewall platforms or types of firewall deployments that are affected in order to help you to mitigate impact to your own network, or avoid the issue altogether.
  Make sure that you’ve enabled the firewall to collect and share telemetry data with Palo Alto Networks:
  - Select Device > Setup > Telemetry.
  - Edit the Telemetry settings and Select All.
  - Click OK and Commit to save your changes.
- Palo Alto Networks can now directly alert you to a critical content release issue; we’ll give you the information you need to understand if and how the issue affects you, along with steps to move forward.
  Palo Alto Networks can now issue alerts about content update issues directly to the firewall web interface or—if you have log forwarding enabled—to the external service you use for monitoring.
  In the firewall web interface, critical alerts about content issues are displayed similarly to the Message of the Day. When Palo Alto Networks issues a critical alert about a content update, the alert is displayed by default when you log into the firewall web interface. If you’re already logged into the firewall web interface, you will notice an exclamation appear over the message icon on the menu bar located at the bottom of the web interface; click the message icon to view the alert.
  Critical content update alerts are also logged as system log entries with the Type general and the event ID palo-alto-networks-message. Use the following filter to view these log entries: ( subtype eq dynamic-updates ) and ( eventid eq palo-alto-networks-message ).
  Set up log forwarding to send these entries to any external services that you use for monitoring network and firewall activity. This allows you to make sure that the appropriate personnel are notified when Palo Alto Networks issues an alert, so that they can take action as needed.
- After being notified about an issue with a content update, you can now use Panorama to revert managed firewalls to the last content update version, instead of manually reverting the content version for individual firewalls. To learn more, see Content Update Reversion from Panorama.
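
The system log filter given above for critical content update alerts, applied on the receiving side of log forwarding. This is an added example, not Palo Alto Networks code: the function names are hypothetical, the sample lines are constructed, and the comma-separated field positions are an assumption about the forwarded system log layout that you should check against your own syslog format.

```python
import csv

# Assumed 0-based field positions in a forwarded system log line
# (comma-separated message body, syslog header already stripped).
SERIAL, SUBTYPE, EVENT_ID, SEVERITY, DESCRIPTION = 2, 4, 8, 13, 14
ALERT_EVENT_ID = "palo-alto-networks-message"  # event ID named on this page

def parse_system_log(line):
    """Return the fields of interest, or None for a short/malformed line."""
    fields = next(csv.reader([line]), [])  # csv keeps quoted commas intact
    if len(fields) <= DESCRIPTION:
        return None
    return {
        "serial": fields[SERIAL],
        "subtype": fields[SUBTYPE],
        "eventid": fields[EVENT_ID],
        "severity": fields[SEVERITY],
        "description": fields[DESCRIPTION],
    }

def content_alerts(lines, subtypes=("dynamic-updates",)):
    """Mirror ( subtype eq dynamic-updates ) and ( eventid eq ... ).

    Pass subtypes=None to match on the event ID alone, which also catches
    entries recorded with the Type general that the page mentions.
    """
    alerts = []
    for line in lines:
        rec = parse_system_log(line.strip())
        if rec is None or rec["eventid"] != ALERT_EVENT_ID:
            continue
        if subtypes is not None and rec["subtype"] not in subtypes:
            continue
        alerts.append(rec)
    return alerts

# Constructed sample input: serials, times, text and the second event ID are made up.
SAMPLE_LINES = [
    '1,2018/06/01 10:00:00,000000000001,SYSTEM,dynamic-updates,0,2018/06/01 10:00:00,,'
    'palo-alto-networks-message,,0,0,general,critical,"Constructed alert text, see advisory",1,0x0',
    '1,2018/06/01 10:05:00,000000000001,SYSTEM,dynamic-updates,0,2018/06/01 10:05:00,,'
    'constructed-other-event,,0,0,general,informational,"Constructed routine entry",2,0x0',
    '1,2018/06/01 10:10:00,000000000002,SYSTEM,general,0,2018/06/01 10:10:00,,'
    'palo-alto-networks-message,,0,0,general,critical,"Constructed alert text",3,0x0',
    'truncated,line',
]

if __name__ == "__main__":
    for alert in content_alerts(SAMPLE_LINES):
        print(alert["serial"], alert["severity"], alert["description"])
```

Route the returned records to whatever paging or ticketing channel reaches the people responsible for content updates.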