>
    Strata Copilot
    Automatically Check for and Install Content Updates (API)
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. PAN-OS XML API Use Cases
    4. Automatically Check for and Install Content Updates (API)
    Download PDF
    Next-Generation Firewall

    Automatically Check for and Install Content Updates (API)

    Table of Contents

    Automatically Check for and Install Content Updates (API)

    Learn to set up your PAN-OS firewall to automatically install various content updates.
    Using the XML API, you can programmatically check and install new content updates, including antivirus, WildFire, and GlobalProtect updates. Check for new updates available and download updates that have been released for at least one week.
    Download, upgrade, and installation requests are asynchronous. The API responds with a job ID while it processes your request. In your subsequent request, you use this job ID to check on the result of your original request:
    curl -X POST 'https://firewall/api?type=op&cmd=<show><jobs><id></id></jobs></show>&key=<apikey>"
    1. Check for installed content on your firewall. Run the following request to view current system information:
      curl -X POST 'https://firewall/api?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>"
    2. Confirm that the API response to the request in the previous step includes the currently installed updates on your firewall:
      <response status="success">
  <result>
    <system>
      <hostname>pm-firewall</hostname>
      <ip-address>10.47.0.8</ip-address>
      <netmask>255.255.254.0</netmask>
      <default-gateway>10.47.0.1</default-gateway>
      <is-dhcp>no</is-dhcp>
      <ipv6-address>unknown</ipv6-address>
      <ipv6-link-local-address>fe80::21b:17ff:feff:c04a/64</ipv6-link-local-address>
      <ipv6-default-gateway/>
      <mac-address>00:1b:17:ff:c0:4a</mac-address>
      <time>Mon Jul 11 17:51:37 2016</time>
      <uptime>11 days, 7:38:34</uptime>
      <devicename>pm-firewall</devicename>
      <family>3000</family>
      <model>PA-3020</model>
      <serial>0018010.2104</serial>
      <sw-version>7.1.3</sw-version>
      <global-protect-client-package-version>2.0.0</global-protect-client-package-version>
      <app-version>598-3427</app-version>
      <app-release-date>2016/07/09 22:30:55</app-release-date>
      <av-version>2416-2855</av-version>
      <av-release-date>2016/07/10 11:27:57</av-release-date>
      <threat-version>598-3427</threat-version>
      <threat-release-date>2016/07/09 22:30:55</threat-release-date>
      <wf-private-version>0</wf-private-version>
      <wf-private-release-date>unknown</wf-private-release-date>
      <url-db>paloaltonetworks</url-db>
      <wildfire-version>80426-81466</wildfire-version>
      <wildfire-release-date>2016/07/11 17:45:11</wildfire-release-date>
      <url-filtering-version>2016.07.11.248</url-filtering-version>
      <global-protect-datafile-version>1468280405</global-protect-datafile-version>
      <global-protect-datafile-release-date>2016/07/11 23:40:05</global-protect-datafile-release-date>
      <logdb-version>7.0.9</logdb-version>
      <platform-family>3000</platform-family>
      <vpn-disable-mode>off</vpn-disable-mode>
      <multi-vsys>on</multi-vsys>
      <operational-mode>normal</operational-mode>
    </system>
  </result>
</response>
    3. Note the currently installed versions for the following updates, so that you can compare the values after you check for the latest updates:
      • global-protect-client-package-version: GlobaProtect
      • app-version: Application and threat signatures.
      • av-version: Antivirus signatures
      • wildfire-version: WildFire malware and antivirus signatures
    4. Check for new, available updates with the following requests and store the version field in the response, which is the version field for GlobalProtect, and the app-version field for all others:
      • GlobalProtect:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><global-protect-client><software><check></check></software></global-protect-client></request>&key=<apikey>"
      • WildFire:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><wildfire><upgrade><check></check></upgrade></wildfire></request>&key=<apikey>"
      • Application & Threat:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><content><upgrade><check></check></upgrade></content></request>&key=<apikey>"
      • Antivirus:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><anti-virus><upgrade><check></check></upgrade></anti-virus></request>&key=<apikey>"
      Example response:
      <response status="success"> 
<result> 
<sw-updates last-updated-at="2016/05/19 14:34:34"> 
<msg/> 
<versions> 
<entry> 
<version>4.0.0-c16</version> 
<filename>PanGP-4.0.0-c16</filename> 
<size>44</size> 
<size-kb>45321</size-kb> 
<released-on>2016/07/08 15:41:18</released-on> 
<release-notes> 
<![CDATA[ 
https://firewall/updates/ReleaseNotes.aspx?type=sw&versionNumber=4.0.0-c16&product=gpclient&platform=any 
]]> 
</release-notes> 
<downloaded>no</downloaded> 
<current>no</current> 
<latest>no</latest> 
<uploaded>no</uploaded> 
</entry>  
<!--TRUNCATED-->
      Take note of the released-on XML field to verify that updates have been released for at least a week.
    5. In your script or code, compare the version values for currently installed updates to new, available updates. It is recommended that you only install updates that have been available for at least a week.
    6. Download the latest content updates with these requests:
      • GlobalProtect:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><global-protect-client><software><download><version>versionnumber</version></download></software></global-protect-client></request>&key=<apikey>"
      • WildFire:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><wildfire><upgrade><download><latest></latest></download></upgrade></wildfire></request>&key=<apikey>"
      • Application & Threat:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><content><upgrade><download><latest></latest></download></upgrade></content></request>"
      • Antivirus:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><anti-virus><upgrade><download><latest></latest></download></upgrade></anti-virus></request>&key=<apikey>"
      The response contains a job ID that you can use to check on the status of the request. Example:
      <response status="success" code="19">
  <result>
    <msg>
      <line>Content install job enqueued with jobid 299</line>
    </msg>
    <job>299</job>
  </result>
</response>
      Learn more about Asynchronous and Synchronous Requests to the PAN-OS XML API.
    7. Install the latest content updates with these requests:
      • GlobalProtect:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><global-protect-client><software><activate><version>versionnumber</version></activate></software></global-protect-client></request>&key=<apikey>"
      • WildFire:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><wildfire><upgrade><install><version>latest</version></install></upgrade></wildfire></request>&key=<apikey>"
      • Application & Threat:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><content><upgrade><install>latest</latest></install></upgrade></content></request>&key=<apikey>"
      • Antivirus:
      curl -X POST 'https://firewall/api?type=op&cmd=<request><anti-virus><upgrade><install><version>latest</version></install></upgrade></anti-virus></request>&key=<apikey>"
      The response contains a job ID that you can use to check on the status of the request.

    © 2026 Palo Alto Networks, Inc. All rights reserved.