Getting started with automatic updates and upgrades

Automatic updates are available for dynamic update packages, remote upgrades for engines, and licenses.

Before dynamic updates and engine upgrades are downloaded and activated or installed, they are verified. The Management Server and the NGFW Engines check the digital signature of each dynamic update or engine upgrade using a valid Trusted Update Certificate. Only updates and upgrades with a valid signature can be downloaded and installed. If there is a verification failure, the administrator receives an error. Verification failure can result from an out-of-date SMC version or an invalid or missing signature.

What automatic updates and engine upgrades do

The Management Server can automatically perform the following tasks:

  • Check for new dynamic update packages and automatically download and install them according to your selection.
  • Check for new engine upgrade packages. Engine upgrades can also be automatically downloaded, but they must always be installed manually.
  • Upgrade the licenses.

When automatic updates and engine upgrades are active, you can also view information regarding the maintenance contract and support level of your licenses in the Management Client.

Limitations

  • (Multiple Management Servers only) Dynamic update packages are downloaded and activated on the active Management Server (the Management Server that controls all Domains). The settings for automatic updates and upgrades are configured in the properties of the active Management Server.
  • There are no automatic updates for the SMC software.
  • New engine software versions might require an upgraded version of the SMC. Check the Release Notes for compatibility information before upgrading the engines.
  • Upgrades and updates (both automatic and manual) require an active maintenance or support contract.
  • If you select the Notify When Updates Become Available setting, you must manually download the updates and engine upgrades.