Install WildFire Content Updates from an SCP-Enabled Server

The following procedure describes how to install threat intelligence content updates on a WildFire appliance that does not have direct connectivity to the Palo Alto Networks Update Server. You will need a Secure Copy (SCP)-enabled server to temporarily store the content update.
  1. Retrieve the content update file from the update server.
    1. Log in to the Palo Alto Networks Support Portal and click
      Dynamic Updates
      .
    2. In the WildFire Appliance section, locate the latest WildFire appliance content update and download it.
    3. Copy the content update file to an SCP-enabled server and note the file name and directory path.
  2. Install the content update on the WildFire appliance.
    1. Log in to the WildFire appliance and download the content update file from the SCP server:
      admin@WF-500>
      scp import wf-content from username@host:path
      For example:
      admin@WF-500>
      scp import wf-content from bart@10.10.10.5:c:/updates/panup-all-wfmeta-2-253.tgz
      If your SCP server is running on a non-standard port or if you need to specify the source IP, you can also define those options in the
      scp import
      command.
    2. Install the update:
      admin@WF-500>
      request wf-content upgrade install file panup-all-wfmeta-2-253.tgz
    3. View the status of the installation:
      admin@WF-500>
      show jobs all
  3. Verify the content update.
    Verify the content version:
    admin@WF-500>
    show system info | match wf-content-version
    The following output now shows version 2-253:
    wf-content-version: 2-253

Recommended For You