Deploy Applications and Threats Content Updates

Take these steps to activate a Threat Prevention license and to set the schedule for a Palo Alto Networks next-gen firewall to get the latest Application and Threat signatures.
Before you take the steps to configure application and threat content updates, learn about how Applications and Threats Content Updates work and decide how you want to implement Best Practices for Applications and Threats Content Updates.
Additionally, Panorama enables you to deploy content updates to firewalls easily and rapidly. If you’re using Panorama to manage firewalls, follow these steps to deploy content updates instead of the ones below.
  1. To unlock the full Applications and Threats content package, get a Threat Prevention license and activate the license on the firewall.
    1. Select
      Device
      Licenses
      .
    2. Manually upload the license key or retrieve it from the Palo Alto Networks license server.
    3. Verify that the Threat Prevention license is active.
  2. Set the schedule for the firewall to retrieve and install content updates.
    As you complete the following steps, it’s particularly important that you consider whether your organization is mission-critical or security-first(or a mix of both), and that you have reviewed the Best Practices for Applications and Threats Content Updates.
    1. Select
      Device
      Dynamic Updates
      .
    2. Select the
      Schedule
      for Applications and Threat content updates.
    3. Set how frequently (the
      Recurrence
      ) the firewall checks with the Palo Alto Networks update server for new Applications and Threat content releases, and on what
      Day
      and
      Time
      .
    4. Set the
      Action
      for the firewall to take when it finds and retrieves a new content release.
    5. Set an installation
      Threshold
      for content releases. Content releases must be available on the Palo Alto Networks update server at least this amount of time before the firewall can retrieve the release and perform the Action you configured in the last step.
    6. If yours is a mission-critical network, where you have zero tolerance for application downtime (application availability is tantamount even to the latest threat prevention), you can set a
      New App-ID Threshold
      . The firewall only retrieves content updates that contain new App-IDs after they have been available for this amount of time.
    7. Click
      OK
      to save the Applications and Threats content update schedule, and
      Commit
      .
  3. Set up log forwarding to send Palo Alto Networks critical content alerts to external services that you use for monitoring network and firewall activity. This allows you to ensure that the appropriate personnel is notified about critical content issues, so that they can take action as needed. Critical content alerts are logged as system log entries with the following Type and Event: (subtype eq content) and (eventid eq palo-alto-networks-message).
  4. While scheduling content updates is a one-time or infrequent task, after you’ve set the schedule, you’ll need to continue to Manage New and Modified App-IDs that are included in content releases, as these App-IDs can change how security policy is enforced.

Related Documentation