We have a PA-200 recently deployed at a low bandwidth field site. Monitoring the traffic shows the majority of traffic is from the PA-200 itself, checking for updates, Panorama, Wildfire, etc. Is there a way to configure a PA-200 to only perform this on a scheduled basis? Right now it's transferring about 400Mb per day, which puts it way out at the top of all the traffic reports. I'd really like to quieten it down a lot.
You can schedule Dynamic updates through WebGUI by going to Device > Dynamic Updates.
Also the following documents can be helpful:
Could you please let us know if you have configured any schedule for Wildfire and antivirus. Because, these 2 feature are having the option to get updates every 1 Hr.
First, if you have configured a file blocking profile with action "forward" ( send to wildfire), the suspicious file will be sent to the cloud for analysis, it will take enough bandwidth on your PAN firewall. Secondly, if you are using URL filtering profiles on a security policy and the destination URL's are not available on the Local-DB, the PAN firewall will send the query every time to the Cloud-DB.
Hope this will helps.
PANW firewall will contact wildfire whenever you exchange file across firewall. If file is unknown to wildfire than communication is bigger, if its known than small. You shouldnt disable this behavior else its a security hole.
Now, You can schedule other content updates like antivirus, threat and application. You can schedule them weekly or daily basis depending upon requirement. Do it for night 3:00 AM when traffic is minimum. Follow bellow instructions for the same.
Since your primary requirement is to reduce the bandwidth utilization, i would suggest you to schedule it once in a week (preferably on Sunday/ non-business hours)
Mind that the firewall updates are protecting your network, so I would think that is actually... a good thing.
If you are concerned about saturation, you should explore QoS, and give the Palo Alto Networks firewall updates traffic lesser priority.
Having that said, I would advise against expanding the update schedule, and in favor of correctly prioritizing your traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!