12-16-2024 03:36 AM
Hi,
i have an air-gap infra, wherein a panorama vm(ha) managing firewalls. All updates are being done manually on each fws and panorama separately.
In Panorama Dynamic updates>>Applications and threats>>> Filename 8923-9118 panupv2-all-apps-8923-9118 is installed. However, in firewalls panupv2-all-contents-8923-9118 is installed.
Whats is the difference and what should followed? I mean it should same on panorama as well as fws?
Since i received it likewise i need to understand the difference.
Thanks
12-16-2024 08:08 AM - edited 12-16-2024 11:40 PM
Hello @zaidshaikh ,
All-Apps - Includes new and updated application signatures. This update does not require any additional subscriptions, but it does require a valid maintenance/support contract. New application updates are published weekly.
All-Content - Includes new and updated application and threat signatures. This update is available if you have a Threat Prevention subscription (and you get it instead of the Applications update). New Applications and Threats updates are published weekly.
Let's assume that on your Panorama you want to configure an exception for a false positive threat ID and to push on your managed firewall. If your Panorama doesn't have threat signatures database, then you will not be able to configure any exception based on thread id.
Also, it's recommended that the dynamic content update version on Panorama to not be greater then the same dynamic content type on the managed firewalls.
12-17-2024 04:58 AM
Thank you for the reply,
I am using panorama just for configuration purpose, updates management is being done manually on each managed firewalls respectively.
Also the threat license is there in firewalls, so my questions is shall i maintain the same approach of updating the panorama with panupv2-all-apps-xxxx and firewalls with panupv2-all-contents-xxxx?
12-17-2024 07:33 AM
Since you are using Panorama for configuration purposes, you should have on Panorama the same updates type that you have on your managed firewalls.
If on managed firewalls you have panupv2-all-contents-xxxx, then you should have on Panorama also panupv2-all-contents-xxxx.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
