Today, I want to cover dynamic updates and answer the following questions:
Am I getting my updates?
How do I know when an update is available?
Can I schedule updates?
Note: Every update I refer to here requires a software subscription license. If you are not sure whether you have one, check WebGUI > Device > Licenses to see if you have the required licenses.
Am I getting my updates?
The first place I look is the main dashboard in the WebGUI:
In the dashboard, we're looking for the Application, Threat and Antivirus versions.
We can quickly see whether we are up to date. In this example, it appears that all versions have been updated quite recently. But even if the Applications, Threats and Antivirus versions are current, you still need to make sure that you do not miss any future updates.
Let’s go to the Dynamic Updates section (Device > Dynamic Updates). We'll focus on the Applications and Threats and the Antivirus sections:
First, take a look at what's currently installed (1).
You can see that the Antivirus update was installed on 2022/10/23 and the Applications and Threats on 2022/10/17.
How do I know when a dynamic update is available?
To see if a new update is available, click the “Check Now” button in the lower left-hand corner of the Dynamic Updates page (2). Your device will then check for updates on the Palo Alto Networks servers. Note that the management interface requires internet access to perform this action. If the management interface can't access the internet, you can configure a service route instead. Learn more in the PAN-OS Networking Administrator’s Guide: How to Configure Service Routes.
How do I schedule updates?
To schedule updates, click on the hyperlink next to "Schedule" (3). One of the following pop-ups will appear:
You can set the recurrence of the schedule, including a specific time to run it:
You can set the action:
You can also set a minimum threshold of time that a content update must be available before the firewall installs it. This helps prevent you from installing erroneous content updates and ensures that the firewall only installs content releases that have been available and functioning in customer environments for a specified amount of time. Neat, right?
For Applications and Threats content updates, you can also set a threshold that applies specifically to content updates with new and modified applications. An extended application threshold gives you more time to assess and adjust your security policy based on changes that new or modified applications introduce. You can also opt to "Disable new apps in content update". This option enables protection against the latest threats while giving you some flexibility. For example, you can first prepare policy updates for newly identified applications, then safely enable new applications that may be treated differently following the update.
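To see how the recurrence and the two thresholds combine, here is an added example (not Palo Alto Networks code, and not part of the original post) that models when a content release would first be installed. The class and function names, the daily recurrence, the sample release times, and the rule that the application threshold can only lengthen the wait are assumptions made for this sketch; the "Disable new apps in content update" option is not modeled.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Schedule:              # hypothetical model, not a PAN-OS object
    run_at: time             # daily run time (assumes a daily recurrence)
    threshold_hours: int     # minimum age of any content release
    new_app_threshold_hours: int  # minimum age when new/modified apps are included

@dataclass(frozen=True)
class Release:
    name: str                # constructed label, not a real content version
    released_at: datetime
    has_new_apps: bool

def eligible_from(rel: Release, sched: Schedule) -> datetime:
    """Earliest moment the release has been available long enough."""
    hours = sched.threshold_hours
    if rel.has_new_apps:
        # Assumption: the application threshold extends the wait, never shortens it.
        hours = max(hours, sched.new_app_threshold_hours)
    return rel.released_at + timedelta(hours=hours)

def first_install_run(rel: Release, sched: Schedule) -> datetime:
    """First daily scheduled run at or after the release becomes eligible."""
    ready = eligible_from(rel, sched)
    run = datetime.combine(ready.date(), sched.run_at)
    return run if run >= ready else run + timedelta(days=1)

def install_delay_hours(rel: Release, sched: Schedule) -> float:
    """Hours between publication and the run that would install the release."""
    return (first_install_run(rel, sched) - rel.released_at).total_seconds() / 3600

# Constructed sample data: daily run at 02:00, 24 h threshold, 72 h for new apps.
SCHED = Schedule(time(2, 0), threshold_hours=24, new_app_threshold_hours=72)
RELEASES = [
    Release("sample-A", datetime(2024, 1, 1, 1, 0), has_new_apps=False),
    Release("sample-B", datetime(2024, 1, 1, 3, 0), has_new_apps=False),
    Release("sample-C", datetime(2024, 1, 1, 3, 0), has_new_apps=True),
]

if __name__ == "__main__":
    for rel in RELEASES:
        print(rel.name, first_install_run(rel, SCHED),
              f"{install_delay_hours(rel, SCHED):.0f} h after release")
```

In this model, a release published just after the daily run waits almost a full extra day on top of the threshold, which is worth keeping in mind when you pick the run time and threshold together.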
Lastly, I would like to talk about the "Revert" option that you see in the Action column (4). In the unlikely event that a recent update causes issues, the revert option allows you to quickly go back to a previously used version. This is a quick and easy rollback method in case you can't stay on the new version to debug the situation.
So, have you scheduled your dynamic updates?
Feel free to share your questions, comments and ideas in the section below.