Manage Content Updates

Content updates are categorized on the Support Portal by ESM version. To update the default policy of the ESM Console, you must use a content update for your ESM version. After you install a content update, the ESM Server transparently distributes any changes to the default policy to your endpoints. This occurs at the next heartbeat communication with the Traps agent.
Before the ESM Server can check for updates, you must enable SSL/TLS 1.2 communication between the ESM Server and the following sites on port 443:
  • updates.paloaltonetworks.com
  • downloads.paloaltonetworks.com
  • proditpdownloads.paloaltonetworks.com
  • prod.itpdownloads.paloaltonetworks.com
After the ESM Console installs the content update, it displays details including version number, release date, and the date on which you installed the content package. You can also view the installed content update version from the footer on each page of the ESM Console. For example, if the ESM Console displays the version as
v4.2.0.35411, 19-3118
, the installed content update version is
19-3118
.

Manually Install Content Updates

If you want to choose when to install a content update, configure the ESM Console for manual content updates. With this option, you manually download the content update from the Support Portal and install it in the ESM Console.
  1. Log in to the ESM Console and select
    Settings
    ESM
    Content Updates
    .
  2. (
    Optional
    ) If you do not want the ESM to automatically check for or install content updates when they are available, configure your content update settings for manual updates.
    1. Select
      Settings
      .
    2. If the content update settings dialog does not automatically populate the text field with your serial number, obtain the serial number associated with your license and enter it into the text field.
      First-time installations of ESM 4.0 and later releases automatically include the serial number as part of your license.
      If your first ESM installation was older than ESM 4.0, you must obtain the serial number from the Support Portal: Select
      Assets
      Advanced Endpoint Protection
      .
      Identifying Your License Serial Number
    3. Select
      Manual Update
      to prevent the ESM from checking or installing content updates automatically.
      Use this option if you want to install the latest content update at a time of your choice.
    4. Click
      Save
      .
  3. Manually install a content update:
    • To install the latest content update,
      Check Now
      for the latest updates and then
      Update Now
      to download and install it.
    • To install an older content update version:
      1. Open the Support Portal, using one of the following options:
        • Select
          Support Site
          on the ESM Console and then select
          DYNAMIC UPDATES
          .
        • Open a new browser window and navigate to the Support Portal and then select
          DYNAMIC UPDATES
          .
      2. Review the Release Notes for the content update you want, and then download it to a location that is accessible from the ESM Console.
      3. From the ESM Console, select
        Upload and Apply
        ,
        Browse
        to the content update package, and click
        Upload
        .
        If the content update is older than the current version, the ESM Console displays a warning message.

Automatically Check for Content Updates

If you want to know when new content updates are available, but do not want the ESM to automatically install new content updates, use the following workflow:
Before you can enable the ESM Server to automatically check for updates, you must enable SSL/TLS 1.2 communication between the ESM Server and the updates server (updates.paloaltonetworks.com) on port 443.
  1. Log in to the ESM Console and select
    Settings
    ESM
    Content Updates
    .
  2. Click
    Settings
    .
  3. If the content update settings dialog does not automatically populate the text field with your serial number, obtain the serial number associated with your license and enter it into the text field.
    First-time installations of ESM 4.0 and later releases automatically include the serial number as part of your license.
    If your first ESM installation was older than ESM 4.0, you must obtain the serial number from the Support Portal: Select
    Assets
    Advanced Endpoint Protection
    .
  4. Identify the content update for your ESM release (typically the latest available content update version), and then review the associated Release Notes.
  5. Select
    Check for updates
    .
    When you select this option, the ESM automatically checks (once daily) for the latest content updates. Using this option provides a hybrid mode of the manual and automatic options where the ESM automatically retrieves information about the latest content update version but allows you to decide when to install (and distribute) the update. When a content update is available, the ESM Console displays the content update version in the
    Available
    field in the Latest Content Update area. When you are ready to download and install the content update, click
    Update Now
    .
  6. Click
    Save
    .

Automatically Install Content Updates

By enabling the ESM to automatically obtain, install, and distribute the latest content update version, you can ensure your agents receive the latest recommended security policy as soon as it is available.
Before you can enable the ESM Server to automatically install content updates, you must enable SSL/TLS 1.2 communication between the ESM Server and the updates server (updates.paloaltonetworks.com) on port 443.
  1. Log in to the ESM Console and select
    Settings
    ESM
    Content Updates
    .
  2. Click
    Settings
    .
  3. If the content update settings dialog does not automatically populate the text field with your serial number, obtain the serial number associated with your license and enter it into the text field.
    First-time installations of ESM 4.0 and later releases automatically include the serial number as part of your license.
    If your first ESM installation was older than ESM 4.0, you must obtain the serial number from the Support Portal: Select
    Assets
    Advanced Endpoint Protection
    .
  4. Identify the content update for your ESM version (typically the latest available content update version), and then review the associated Release Notes.
  5. Select
    Install Updates
    (default).
    When you select this option, the ESM automatically downloads, installs, and distributes the latest content update to the agents at the next heartbeat communication.
  6. Click
    Save
    .

Revert to the Previous Content Update

For convenience, the ESM Console maintains up to two content updates at a time: the current update and the previous update. From the
Content Updates
page, you can view information about the content updates, roll back to previous content update versions, or install a new (or older) version of a content update. To revert to an older version of a content update, you must download the package from the Support Portal and install it as you would a new update.
  1. Log in to the ESM Console and select
    Settings
    ESM
    Content Updates
    .
  2. Review the Release Notes for the previous content update as needed and then
    Revert
    .
    The ESM Console restores the previous set of default policy rules and distributes them to the endpoints at the next heartbeat communication.

Recommended For You