Device > Dynamic Updates
- Device > Dynamic Updates
- Panorama > Dynamic Updates
Palo Alto Networks regularly posts updates for new and modified applications, threat protection, and GlobalProtect data files through dynamic updates as follows:
- Antivirus—Includes new and updated antivirus signatures, including WildFire signatures and automatically-generated command-and-control (C2) signatures. WildFire signatures detect malware first seen by firewalls from around the world. Automatically-generated C2 signatures detect certain patterns in C2 traffic (instead of the C2 server sending malicious commands to a compromised system); these signatures enable the firewall to detect C2 activity even when the C2 host is unknown or changes rapidly. You must have a Threat Prevention subscription to get these updates. New antivirus signatures are published daily.
- Applications—Includes new and updated application signatures. This update does not require any additional subscriptions, but it does require a valid maintenance/support contract. New application updates are published weekly.
- Applications and Threats—Includes new and updated application and threat signatures. This update is available if you have a Threat Prevention subscription (in this case, you will get this update instead of the Applications update). New threat updates are published weekly, and application updates are published monthly. The firewall can retrieve the latest threat and application updates within as little as 30 minutes of availability.You also have the option to install new and modified applications on a delayed schedule. Configure new threat signatures to be installed more immediately so that the firewall is equipped with the latest threat protection, while staggering the threshold for application installation. This gives you extra time to assess and adjust your security policy based on the changes that new and modified applications introduce.For guidance on how to best enable application and threat updates to ensure both application availability and protection against the latest threats, review the Best Practices for Application and Threat Content Updates.
- GlobalProtect Data File—Contains the vendor-specific information for defining and evaluating host information profile (HIP) data returned by GlobalProtect apps. You must have a GlobalProtect gateway subscription in order to receive these updates. In addition, you must create a schedule for these updates before GlobalProtect will function.
- GlobalProtect Clientless VPN—Contains new and updated application signatures to enable Clientless VPN access to common web applications from the GlobalProtect portal. You must have a GlobalProtect subscription to receive these updates. In addition, you must create a schedule for these updates before GlobalProtect Clientless VPN will function.
- BrightCloud URL Filtering—Provides updates to the BrightCloud URL Filtering database only. You must have a BrightCloud subscription to get these updates. New BrightCloud URL database updates are published daily. If you have a PAN-DB license, scheduled updates are not required as firewalls remain in-sync with the servers automatically.
- WildFire—Provides near real-time malware and antivirus signatures created as a result of the analysis done by the WildFire public cloud. WildFire signature updates are made available every five minutes. You can set the firewall to check for new updates as frequently as every minute to ensure that the firewall retrieves the latest WildFire signatures within a minute of availability. Without the WildFire subscription, you must wait 24 to 48 hours for the WildFire signatures to roll into the Applications and Threat update. Select DeviceSetupWildFire to enable WildFire Public Cloud analysis.
- WF-Private—Provides near real-time malware and antivirus signatures created as a result of the analysis done by a WildFire appliance. To receive content updates from a WildFire appliance, the firewall and appliance must both be running PAN-OS 6.1 or a later release and the firewall must be configured to forward files and email links to the WildFire Private Cloud. Select Device > Setup > WildFire to enable WildFire Private Cloud analysis.
You can view the latest updates, read the release notes for each update, and then select the update you want to download and install. You can also revert to a previously installed version of an update.
Setting a schedule for dynamic updates, allows you to define the frequency at which the firewall checks for and downloads or installs new updates. Particularly for Applications and Threats content updates, you might want to set a schedule that staggers new and modified application updates behind threat updates; this gives you more time to assess how new and modified applications impact your security policy, while ensuring that the firewall is always equipped with the latest threat protections.
Dynamic Updates Options
Lists the versions that are currently available on the Palo Alto Networks Update Server. To check if a new software release is available from Palo Alto Networks, click Check Now. The firewall uses the service route to connect to the Update Server and checks for new content release versions and, if there are updates available, displays them at the top of the list.
Displays the date and time that the firewall last connected to the update server and checked if an update was available.
Allows you to schedule the frequency for retrieving updates.
You can define how often and when the dynamic content updates occur—the Recurrence and time—and whether to Download Only or to Download and Install scheduled updates
For Antivirus and Applications and Threats updates, you have the option to set a minimum Threshold of time that a content update must be available before the firewall installs it. Very rarely, there can be an error in a content update and this threshold ensures that the firewall only downloads content releases that have been available and functioning in customer environments for the specified amount of time.
For Applications and Threats content updates, you can also set a threshold that applies specifically to content updates with new and modified applications. An extended application threshold gives you more time to assess and adjust your security policy based on changes that new or modified applications introduce.
For guidance on how to best enable Application and Threat content updates to achieve both constant application availability and the latest threat protection, review the Best Practices for Application and Threat Content Updates.
List the filename; it includes the content version information.
Lists what type of signatures the content version might include.
For Applications and Threats content release versions, this field might display an option to review Apps, Threats. Click this option to view new application signatures made available since the last content release version installed on the firewall. You can also use the New Applications dialog to Enable/Disable new applications. You might choose to disable a new application included in a content release if you want to avoid any policy impact from an application being uniquely identified (an application might be treated differently before and after a content installation if a previously unknown application is identified and categorized differently).
Indicates whether the download includes a full database update or an incremental update.
Displays the size of the content update package.
The date and time Palo Alto Networks made the content release available.
A check mark in this column indicates that the corresponding content release version has been downloaded to the firewall.
A check mark in this column indicates that the corresponding content release version is currently running on the firewall.
Indicates the current action you can take for the corresponding software image as follows:
Provides a link to the release notes for the corresponding version.
Remove the previously downloaded content release version from the firewall.
If the firewall does not have access to the Palo Alto Networks Update Server, you can manually download dynamic updates from the Palo Alto Networks Support site in the Dynamic Updates section. After you download an update to your computer, Upload the update to the firewall. You then select Install From File and select the file you downloaded.
Install From File
After you manually upload an update file to the firewall, use this option to install the file. In the Package Type drop-down, select the type of update you are installing (Application and Threats, Antivirus, or WildFire), click OK, select the file you want to install and then click OK again to start the installation.
Install Content and Software Updates
Install Content and Software Updates To ensure that you are always protected from the latest threats (including those that have not yet been discovered), you ...
Configure Application and Threat Content Updates
Take these steps to activate a Threat Prevention license and to set the schedule for a Palo Alto Networks next-gen firewall to get the latest ...
Best Practices for Content Updates—Mission-Critical
Follow these best practices to deploying content updates in a mission-critical network, where application availability is top priority. ...
Streamlined Panorama Deployment for Application and Threat ...
Streamlined Panorama Deployment for Application and Threat Content Updates When using Panorama to deploy content updates to managed firewalls, you can now more easily configure ...
Applications and Threat Updates
Applications and Threats content updates equip Palo Alto Networks next-gen firewalls with the very latest threat prevention and application identification technology. ...
Disable and Enable App-IDs
Disable and Enable App-IDs You can disable all App-IDs introduced in a content release if you want to immediately benefit from the latest threat prevention, ...
Schedule a Content Update Using Panorama
Schedule a Content Update Using Panorama Panorama™ requires a direct internet connection for scheduling Supported Updates on firewalls, Log Collectors, and WildFire® appliances and appliance ...
See the New and Modified App-IDs in a Content Release
See the New and Modified App-IDs in a Content Release For both downloaded and installed content updates, you can see a list of the new ...
Workflow to Best Incorporate New and Modified App-IDs
Workflow to Best Incorporate New and Modified App-IDs Refer to this master workflow to first set up Application and Threat content updates, and then to ...