Tips for Content Updates
Here’s what you should do to reduce the chance that a content release might impact your network in an unexpected way.
Palo Alto Networks application and threat content releases undergo rigorous performance and quality assurance. However, because there are so many possible variables in a customer environment, there are rare occasions where a content release might impact a network in an unexpected way. Follow these tips to mitigate or troubleshoot an issue with a content release, so that there is as little impact to your network as possible.
- Follow the best practices for Application and Threat Content Updates.Review and implement the Best Practices for Applications and Threats Content Updates. How you choose to deploy content updates might depend on your network security and application availability requirements.
- Ensure that you’re running the latest content.Get the latest content update, if you haven’t configured the firewall to download and install it automatically.The firewall validates that downloaded content updates are still Palo Alto Networks- recommended at the time of installation. This check, which the firewall performs by default, is helpful in cases where content updates are downloaded from the Palo Alto Networks update server (either manually or on a schedule) ahead of installation. Because there are rare instances where Palo Alto Networks removes a content update from availability, this option prevents the firewall from installing a content update that Palo Alto Networks has removed, even if the firewall has already downloaded it. If you see an error message that the content update you’re attempting to install is no longer valid,Check Nowto get the most recent content update and install that version instead ().DeviceDynamic Updates
- Turn on threat intelligence telemetry.Turn on the threat intelligence telemetry that the firewall sends to Palo Alto Networks. We use telemetry data to identify and troubleshoot issues with content updates.Telemetry data helps us to quickly recognize a content update that is impacting firewall performance or security policy enforcement in unexpected ways, across the Palo Alto Networks customer base. The more quickly we can identify an issue, the more quickly we can help you to avoid the issue altogether or mitigate impact to your network.To enable the firewall to collect and share telemetry data with Palo Alto Networks:
- Edit theTelemetrysettings andSelect All.
- ClickOKandCommitto save your changes.
- Forward Palo Alto Networks content update alerts to the right people.Enable log forwarding for Palo Alto Networks critical content alerts, so that important messages about content release issues go directly to the appropriate personnel.Palo Alto Networks can now issue alerts about content update issues directly to the firewall web interface or—if you have log forwarding enabled—to the external service you use for monitoring. Critical content alerts describe the issue so that you can understand how it affects you, and include steps to take action if needed.In the firewall web interface, critical alerts about content issues are displayed similarly to the Message of the Day. When Palo Alto Networks issues a critical alert about a content update, the alert is displayed by default when you log into the firewall web interface. If you’re already logged into the firewall web interface, you will notice an exclamation appear over the message icon on the menu bar located at the bottom of the web interface—click on the message icon to view the alert.Critical content update alerts are also logged as system log entries with the Typedynamic-updatesand the Eventpalo-alto-networks-message. Use the following filter to view these log entries: ( subtype eq dynamic-updates) and ( eventid eq palo-alto-networks-message).
- If needed, use Panorama to rollback to an earlier content release.After being notified about an issue with a content update, you can use Panorama to quickly revert managed firewalls to the last content update version, instead of manually reverting the content version for individual firewalls: Revert Content Updates on Managed Firewalls.
Share Threat Intelligence with Palo Alto Networks
Share Threat Intelligence with Palo Alto Networks Telemetry is the process of collecting and transmitting data for analysis. When you enable telemetry on the firewall, ...
Best Practices for Content Updates—Mission-Critical
Follow these best practices to deploying content updates in a mission-critical network, where application availability is top priority. ...
Best Practices for Content Updates—Security-First
Follow these best practices to deploying content updates in a security-first network, where threat prevention is top priority. ...
Deploy Applications and Threats Content Updates
Take these steps to activate a Threat Prevention license and to set the schedule for a Palo Alto Networks next-gen firewall to get the latest ...
Disable and Enable App-IDs
Disable and Enable App-IDs You can disable all App-IDs introduced in a content release if you want to immediately benefit from the latest threat prevention, ...
Applications and Threats Content Updates
Applications and Threats content updates equip Palo Alto Networks next-gen firewalls with the very latest threat prevention and application identification technology. ...
Workflow to Best Incorporate New and Modified App-IDs
Workflow to Best Incorporate New and Modified App-IDs Refer to this master workflow to first set up Application and Threat content updates, and then to ...
What Telemetry Data Does the Firewall Collect?
What Telemetry Data Does the Firewall Collect? The firewall collects and forwards different sets of telemetry data to Palo Alto Networks based on the Telemetry ...
Device > Setup > Telemetry
Device > Setup > Telemetry Telemetry is the process of collecting and transmitting data for analysis. When you enable telemetry on the firewall, the firewall ...