Dynamic Updates Upgrade Guide for Palo Alto Networks Firewalls

Overview

Dynamic updates in Palo Alto Networks firewalls include critical components such as Applications and Threats, Antivirus, WildFire, and URL Filtering. Keeping these updates current ensures optimal security posture. This guide outlines the procedures for upgrading dynamic updates both via Panorama and directly on individual firewalls.

Upgrading Dynamic Updates via Panorama

  1. Access Dynamic Updates:
    • Navigate to Panorama > Device Deployment > Dynamic Updates .
    • Click Check Now to retrieve the latest updates.
  2. Download Updates:
    • For each update type (e.g., Applications and Threats, Antivirus), click Download to fetch the latest version.
  3. Install Updates:
    • After downloading, click Install .
    • Select the target firewalls for the update.
    • Click OK to initiate the installation.
  4. Schedule Automatic Updates:
    • Go to Panorama > Device Deployment > Dynamic Updates and click on Schedules .
    • Click Add to create a new schedule.
    • Specify the update type, frequency, and target devices.
    • Choose Download And Install as the action.
    • Click OK to save the schedule.

Note: For large-scale deployments, consider configuring firewalls to download updates directly from Palo Alto Networks servers to reduce load on Panorama. Source

Upgrading Dynamic Updates Directly on the Firewall

  1. Access Dynamic Updates:
    • Navigate to Device > Dynamic Updates .
    • Click Check Now to retrieve the latest updates.
  2. Download and Install Updates:
    • For each update type, click Download .
    • Once downloaded, click Install to apply the update.
  3. Schedule Automatic Updates:
    • In the Dynamic Updates section, click on the Schedule link next to each update type.
    • Configure the desired frequency and action (e.g., Download Only, Download and Install).
    • Click OK to save the schedule.

Note: Ensure that the firewall has internet connectivity to reach Palo Alto Networks update servers for direct downloads. Source

Mermaid Sequence Diagram

sequenceDiagram participant Admin participant Panorama participant Firewall Admin->>Panorama: Check for Updates Panorama->>Panorama: Download Updates Admin->>Panorama: Install Updates to Firewall Panorama->>Firewall: Push Updates Firewall->>Firewall: Apply Updates

Sample PCNSE Exam Question

Question: What is the recommended method for managing dynamic updates in a large-scale deployment with multiple firewalls?

Correct Answer: B

Explanation: In large-scale deployments, configuring each firewall to download dynamic updates directly from Palo Alto Networks servers is recommended to reduce the load on Panorama and ensure timely updates. This approach minimizes the risk of Panorama becoming a bottleneck, especially when managing numerous firewalls. By allowing firewalls to independently retrieve updates, the overall efficiency and reliability of the update process are enhanced.

References