Install Content Updates
To stay protected from the latest threats (including those that have not yet been discovered), keep your firewalls up to date with the latest content and software updates published by Palo Alto Networks. The Dynamic Content Updates available to you depend on which Subscriptions you have.
Follow these steps to install content updates. You can also set a schedule for content updates, to define the frequency at which the firewall retrieves and installs updates.
Applications and Threats content updates work a little differently than other update types—to get the most out of the latest application knowledge and threat prevention, follow the guidelines to Deploy Applications and Threats Content Updates instead of the steps here.
- Ensure that the firewall has access to the update server.
- By default, the firewall accesses the Update Server at updates.paloaltonetworks.com so that the firewall receives content updates from the server to which it is closest in the Content Delivery Network Infrastructure for Dynamic Updates. If the firewall has restricted access to the Internet, set the update server address to use the hostname staticupdates.paloaltonetworks.com or the IP address 188.8.131.52 instead of dynamically selecting a server from the CDN infrastructure.
- (Optional) Click Verify Update Server Identity for an extra level of validation to enable the firewall to check that the server’s SSL certificate is signed by a trusted authority. This is enabled by default.
- (Optional) If the firewall needs to use a proxy server to reach Palo Alto Networks update services, in the Proxy Server window, enter:
- Server—IP address or host name of the proxy server.
- Port—Port for the proxy server. Range: 1-65535.
- User—Username to access the server.
- Password—Password for the user to access the proxy server. Re-enter the password at Confirm Password.
- Check for the latest content updates. Select Device > Dynamic Updates and click Check Now (located in the lower left-hand corner of the window) to check for the latest updates. The link in the Action column indicates whether an update is available:
You cannot download the antivirus update until you have installed the Application and Threats update.
- Download—Indicates that a new update file is available. Click the link to begin downloading the file directly to the firewall. After successful download, the link in the Action column changes from Download to Install.
If you are using PAN-DB as your URL filtering database, you will not see an upgrade link because the PAN-DB database on the firewall automatically synchronizes with the PAN-DB cloud. To check the status of an action, click Tasks (on the lower right-hand corner of the window).
- Upgrade—Indicates that a new version of the BrightCloud database is available. Click the link to begin the download and installation of the database. The database upgrade begins in the background; when completed a check mark displays in the Currently Installed column.
- Revert—Indicates that a previously installed version of the content or software version is available. You can choose to revert to the previously installed version.
- Install the content updates. Installation can take up to 10 minutes on a PA-220 firewall and up to two minutes on a PA-5200 Series, PA-7000 Series, or VM-Series firewall. Click the Install link in the Action column. When the installation completes, a check mark displays in the Currently Installed column.
- Schedule each content update. Repeat this step for each update you want to schedule. Stagger the update schedules because the firewall can only download one update at a time. If you schedule the updates to download during the same time interval, only the first download will succeed.
- Set the schedule of each update type by clicking the None link.
- Specify how often you want the updates to occur by selecting a value from the Recurrence drop-down. The available values vary by content type (WildFire updates are available Every Minute, Every 15 Minutes, Every 30 minutes, or Every Hour whereas Applications and Threats updates can be scheduled for Weekly, Daily, Hourly, or Every 30 Minutes and Antivirus updates can be scheduled for Hourly, Daily, or Weekly). As new WildFire signatures are made available every five minutes, set the firewall to retrieve WildFire updates Every Minute to get the latest signatures within a minute of availability.
- Specify the Time (or the minutes past the hour in the case of WildFire) and, if applicable depending on the Recurrence value you selected, the Day of the week that you want the updates to occur.
- Specify whether you want the system to Download Only or, as a best practice, Download And Install the update.
- Enter how long after a release to wait before performing a content update in the Threshold (Hours) field. In rare instances, errors in content updates may be found. For this reason, you may want to delay installing new updates until they have been released for a certain number of hours.
If you have mission-critical applications that must be 100% available, set the threshold for Applications or Applications and Threats updates to a minimum of 24 hours and follow the Best Practices for Applications and Threats Content Updates. Additionally, while scheduling content updates is a one-time or infrequent task, after you’ve set the schedule, you’ll need to continue to Manage New and Modified App-IDs that are included in content releases, as these App-IDs can change how security policy is enforced.
- Click OK to save the schedule settings.
- Click Commit to save the settings to the running configuration.
- Update PAN-OS.
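
An added example (not Palo Alto Networks code) that audits a planned set of update schedules against the scheduling guidance in the steps above: a recurrence offered for the content type, Download And Install, a 24-hour threshold for mission-critical Applications and Threats, and staggered start times. The dictionary layout, the `offset` field and the function names are assumptions for illustration, not a PAN-OS format, and matching start minutes is a simplification of overlapping download intervals.

```python
from itertools import combinations

WEEK = 7 * 24 * 60  # minutes in a week
# Recurrence choices per content type as listed above -> repeat period (minutes).
ALLOWED = {
    "wildfire": {"every-minute": 1, "every-15-minutes": 15,
                 "every-30-minutes": 30, "every-hour": 60},
    "applications-and-threats": {"weekly": WEEK, "daily": 1440,
                                 "hourly": 60, "every-30-minutes": 30},
    "antivirus": {"hourly": 60, "daily": 1440, "weekly": WEEK},
}

def start_minutes(s):
    """Minute-of-week offsets at which schedule s starts a download."""
    period = ALLOWED[s["type"]][s["recurrence"]]
    return set(range(s.get("offset", 0) % period, WEEK, period))

def audit(schedules, mission_critical=False):
    findings, valid = [], []
    for s in schedules:
        kind = s["type"]
        if s["recurrence"] not in ALLOWED.get(kind, {}):
            findings.append(f"{kind}: recurrence {s['recurrence']} is not offered")
            continue
        valid.append(s)
        if s["action"] != "download-and-install":
            findings.append(f"{kind}: action is {s['action']}")
        if (mission_critical and kind == "applications-and-threats"
                and s.get("threshold_hours", 0) < 24):
            findings.append(f"{kind}: threshold is below 24 hours")
    # Assumption: WildFire is skipped here; Every Minute overlaps every schedule.
    staggered = [s for s in valid if s["type"] != "wildfire"]
    for a, b in combinations(staggered, 2):
        if start_minutes(a) & start_minutes(b):
            findings.append(f"{a['type']} and {b['type']}: same start minute")
    return findings

# Constructed sample; "offset" is minutes from Monday 00:00 (weekly),
# from 00:00 (daily) or past the hour (hourly and shorter).
SAMPLE = [
    {"type": "wildfire", "recurrence": "every-minute", "action": "download-and-install"},
    {"type": "applications-and-threats", "recurrence": "daily", "offset": 135,
     "action": "download-and-install", "threshold_hours": 12},
    {"type": "antivirus", "recurrence": "hourly", "offset": 15,
     "action": "download-only"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE, mission_critical=True), sep="\n")
```

In the sample, the daily 02:15 Applications and Threats download and the hourly :15 Antivirus download start at the same minute; moving Antivirus to :45 clears that finding.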