Set Up WF-500 Appliance Content Updates

Configure daily content updates for the WF-500 appliance. WF-500 content updates provide the appliance with threat intelligence to facilitate accurate malware detection, improve appliance capability to differentiate malicious samples from benign samples, and ensure that the appliance has the most recent information needed to generate signatures.

Install WF-500 Content Updates Directly from the Update Server Install WF-500 Content Updates from an SCP-Enabled Server

Install WF-500 Content Updates Directly from the Update Server

Install Threat Intelligence Content Updates Directly from the Update Server
Verify connectivity from the appliance to the update server and identify the content update to install.	Log in to the WF-500 appliance and run the following command to display the current content version: admin@wf-500> show system info \| match wf-content-version Confirm that the appliance can communicate with the Palo Alto Networks Update Server and view available updates: admin@wf-500> request wf-content upgrade check The command queries the Palo Alto Networks Update Server and provides information about available updates and identifies the version that is currently installed on the appliance. Version Size Released on Downloaded Installed --------------------------------------------------------- 2-253 57MB 2014/09/20 20:00:08 PDT no no 2-39 44MB 2014/02/12 14:04:27 PST yes current If the appliance cannot connect to the update server, you will need to allow connectivity from the appliance to the Palo Alto Networks Update Server (updates.paloaltonetworks.com), or download and install the update using SCP as described in Install WF-500 Content Updates from an SCP-Enabled Server.
Download and install the latest content update.	Download the latest content update: admin@wf-500> request wf-content upgrade download latest View the status of the download: admin@wf-500> show jobs all You can run show jobs pending to view pending jobs. The following output shows that the download (job id 5) has finished downloading (Status FIN): Enqueued ID Type Status Result Completed --------------------------------------------------------- 2014/04/22 03:42:20 5 Downld FIN OK 03:42:23 After the download is complete, install the update: admin@wf-500> request wf-content upgrade install version latest Run the show jobs all command again to monitor the status of the install.
Verify the content update.	Run the following command and refer to the wf-content-version field: admin@wf-500> show system info The following shows an example output with content update version 2-253 installed: `admin@wf-500>` show system info hostname: wf-500 ip-address: 10.5.164.245 netmask: 255.255.255.0 default-gateway: 10.5.164.1 mac-address: 00:25:90:c3:ed:56 vm-interface-ip-address: 192.168.2.2 vm-interface-netmask: 255.255.255.0 vm-interface-default-gateway: 192.168.2.1 vm-interface-dns-server: 192.168.2.1 time: Mon Apr 21 09:59:07 2014 uptime: 17 days, 23:19:16 family: m model: WF-500 serial: abcd3333 sw-version: 6.1.0 wf-content-version: 2-253 wfm-release-date: 2014/08/20 20:00:08 logdb-version: 6.1.2 platform-family: m
(Optional) Schedule content updates to be installed on a daily or weekly basis.	Schedule the appliance to download and install content updates: admin@WF-500# set deviceconfig system update-schedule wf-content recurring [daily \| weekly] action [download-and-install \| download-only] For example, to download and install updates daily at 8:00 am: admin@WF-500# set deviceconfig system update-schedule wf-content recurring daily action download-and-install at 08:00 Commit the configuration admin@WF-500# commit

Install WF-500 Content Updates from an SCP-Enabled Server

The following procedure describes how to install threat intelligence content updates on a WF-500 appliance that does not have direct connectivity to the Palo Alto Networks Update Server. You will need a Secure Copy (SCP)-enabled server to temporarily store the content update.

Install Threat Intelligence Content Updates from an SCP-Enabled Server
Retrieve the content update file from the update server.	Log in to the Palo Alto Networks Support Portal and click Dynamic Updates. In the WF-500 Appliance section, locate the latest WF-500 appliance content update and download it. Copy the content update file to an SCP-enabled server and note the file name and directory path.
Install the content update on the WF-500 appliance.	Log in to the WF-500 appliance and download the content update file from the SCP server: admin@WF-500> scp import wf-content from username@host:path For example: admin@WF-500> scp import wf-content from bart@10.10.10.5:c:/updates/panup-all-wfmeta-2-253.tgz If your SCP server is running on a non-standard port or if you need to specify the source IP, you can also define those options in the scp import command. Install the update: admin@WF-500> request wf-content upgrade install file panup-all-wfmeta-2-253.tgz View the status of the installation: admin@WF-500> show jobs all
Verify the content update.	Verify the content version: admin@wf-500> show system info \| match wf-content-version The following output now shows version 2-253: wf-content-version: 2-253

Document:WildFire® Administrator’s Guide

Set Up WF-500 Appliance Content Updates

Related Documentation

Document:WildFire® Administrator’s Guide

Set Up WF-500 Appliance Content Updates

Related Documentation

request wf-content

set deviceconfig system update-schedule

delete wildfire-metadata

Configure the WF-500 Appliance

Upgrade a WF-500 Appliance

Manage WF-500 Appliance API Keys

request system wildfire-vm-image

Enable Local Signature and URL Category Generation

Device > Dynamic Updates

Enable WF-500 Appliance Analysis Features