Configure automatic updates and upgrades

There are several options for handling automatic updates and engine upgrades.

Before you begin

The automatic updates and engine upgrades require the Management Server to be able to connect to the servers at https://⁠update-pool.stonesoft.com and https://⁠smc-pool.stonesoft.com either using HTTPS on port 443 or through an HTTP proxy. You must also have a valid maintenance or support contract.

The Management Server can periodically check for new dynamic update packages, engine upgrades, and licenses. This feature is active by default. In an environment with multiple Management Servers, automatic updates and upgrades must be enabled on the active Management Server (the Management Server that controls all Domains).

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Menu > System Tools > Global System Properties.
  2. On the Updates tab, select Enable Sending Proof-of-License Codes to FORCEPOINT Servers.
    Selecting this option allows you to select settings for dynamic updates and for engine and license upgrades.
  3. Configure the Dynamic Updates settings.
    Note: Because update packages can change system elements, the policies might require editing after update activation.
  4. Select one of the Remote Upgrades for Engines settings.
  5. (Optional) Select Generate and Install New Licenses Automatically to automatically regenerate and install the licenses required for upgrading SMC components to a major new release.
  6. (Optional) Select the Update Check Interval to define how often the SMC checks for new updates.
  7. Click OK.

Global System Properties dialog box — Updates tab

Use this tab to define settings for dynamic updates, engine upgrades, and licenses.

Option Definition
Enable Sending Proof-of-License Codes to FORCEPOINT Servers When selected, allows you to select settings for dynamic updates, and engine and license upgrades.
Dynamic Updates Specifies the dynamic updates options:
  • Do Not Check for Updates. You are not notified of new dynamic updates.
  • Notify When Updates Become Available. You receive an alert when a new dynamic update becomes available. You must manually download and activate the update.
  • Notify and Automatically Download Updates. You receive an alert when a new dynamic update becomes available. The SMC also automatically downloads the update. You must manually activate the update.
  • Automatically Download and Activate Updates The SMC automatically downloads and activates the new dynamic updates.
Notify When Updates Have Been Activated

(Optional)

You receive an alert when the dynamic updates have been activated. This option becomes available when you select Automatically Download and Activate Updates.

You must refresh the policies before the updates take effect. If Refresh Policies After Update Activation is selected, the policies are refreshed automatically. Otherwise, you must refresh the policies manually.

Refresh Policies After Update Activation

(Optional)

The SMC automatically refreshes the policies after activating the dynamic updates. This option becomes available when you select Automatically Download and Activate Updates.
Remote Upgrades for Engines Specifies new engine upgrade options:
  • Do Not Check for Engine Upgrades. You are not notified of new engine upgrades.
  • Notify When Engine Upgrades Become Available. You receive an alert when a new engine upgrade becomes available. You must manually download and install the update.
  • Notify and Automatically Download Engine Upgrades. You receive an alert when a new engine upgrade becomes available. The SMC automatically downloads the new engine upgrade. You must manually install the update.
Generate and Install New Licenses Automatically

(Optional)

When selected, automatically regenerates and installs the licenses required for upgrading SMC components to a major new release.
Check for Updates Specifies how often to check for updates.

Trusted Update Certificate Properties dialog box

Use this dialog box to view the details of the currently active Trusted Updates Certificate.

Option Definition
Subject Name The identifier of the certified entity.
Public Key Algorithm The public key algorithm that was used to sign the certificate.
Key Length The length of the key in bits.
Serial Number The sequence number of the certificate. The number is issued by the CA.
Signature Algorithm Shows the signature algorithm that was used to sign the certificate.
Signed By Shows the CA that signed the certificate.
Subject Alternative Name This field is not used.
Valid From Shows the start date of certificate validity.
Valid To Shows the end date of certificate validity.
Fingerprint (SHA-1) Shows the certificate fingerprint using the SHA-1 algorithm.
Fingerprint (SHA-256) Shows the certificate fingerprint using the SHA-256 algorithm.
Fingerprint (SHA-512) Shows the certificate fingerprint using the SHA-512 algorithm.
Active The Management Server and the NGFW Engines uses this certificate to verify the digital signatures of dynamic update packages and engine upgrades.