If the Control Center has no direct Internet access, you can copy file updates from an up-to-date F-Series Firewall to the Control Center. An Energize Updates subscription is required on the Control Center for the following pattern updates:
- Application Control definitions
- Avira virus scanner patterns
- Browser Agent definition
- ClamAV virus scanner patterns
- File Content definitions
- Botnet and Spyware protection
- Geolocation database
- IPS patterns
- SSL VPN templates
Step 1. Create a Directory for the Offline Patterns
- Log in to the Control Center via SSH.
- Create a directory for the update files. E.g.,
- Create a sub-directory for each pattern update type: E.g.,
Step 2. Set the Update Mode to Offline
Set the operational mode to offline and enter the directory created in step 1 as the new source directory for the pattern updates.
- Log in to the Control Center.
- Go to CONTROL > File Updates.
- From the Area Configuration drop-down list, select the update type.
- Click Set Area Config.
- Set the Mode to Offline.
- In the Offline Source Path field, enter the path for pattern source directory created in step1. E.g.,
/tmp/offlineupdates/ips, or /var/phion/tmp/offlineupdates/ngsslvpn
- Click OK.
Repeat this step for all patterns you want to update.
Step 3. Copy the Update Files from an F-Series Firewall
Use the up-to-date IPS patterns on an F-Series Firewall as the source for the offline update of the Control Center IPS patterns.
- Log into an F-Series Firewall.
- For each offline pattern update configured above, copy the pattern files from the F-Series firewall to the Offline Source Path for the respective service on the Control Center. Patterns are located in the following directories on the F-Series Firewall:
- Application Control definitions – /var/phion/mcdownload/appid/
- Avira virus scanner patterns – /var/phion/mcdownload/avira/
- Browser Agent definition – /var/phion/mcdownload/agentid/
- ClamAV virus scanner patterns – /var/phion/mcdownload/clam/
- File Content definitions – /var/phion/mcdownload/contentid/
- Botnet and Spyware protection – /var/phion/mcdownload/dnsblacklist/
- Geolocation database – /var/phion/mcdownload/geo/
- IPS patterns – /var/phion/mcdownload/ips/
- SSL VPN templates – /var/phion/mcdownload/ngsslvpn/
Step 4. (IPS only) Trigger IPS Update on the Control Center
On the firewall/box level of the Control Center:
- Go to CONTROL > Server.
- In the IPS section on the right, click Update.
Offline updates to the IPS database are shown in the IPS version history and are also logged. For information on how to check the subscription status of the IPS Database, see How to Check the IPS Security Subscription Status.