Configure automatic updates and upgrades
There are several options for handling automatic updates and engine upgrades.
Before you begin
- You must have a valid maintenance or support contract.
- Automatic dynamic updates and engine upgrades require the Management Server to be able to connect to https://smc-pool.stonesoft.com and to one of the following services using HTTPS on port 443:
- CDN dynamic update service at https://autoupdate.ngfw.forcepoint.com
- Legacy dynamic update service at https://update-pool.stonesoft.com
The Management Server can periodically check for new dynamic update packages, engine upgrades, and licenses. This feature is active by default. In an environment with multiple Management Servers, automatic updates and upgrades must be enabled on the active Management Server (the Management Server that controls all Domains).
Update Service elements define sets of URLs for automatic dynamic updates and engine upgrades. You can optionally change which Update Service element is used for automatic dynamic updates and engine upgrades.
For more details about the product and how to configure features, click Help or press F1.
Steps
Global System Properties dialog box — Updates tab
Use this tab to define settings for dynamic updates, engine upgrades, and licenses.
Option | Definition |
---|---|
Allow Sending License and Installation Telemetry Data to Forcepoint Servers | When selected, allows the Management Server to send information about the installed components and licenses to the Forcepoint NGFW Updates and Upgrades service. You must select this option to configure settings for dynamic updates, and engine and license upgrades. |
View Telemetry Data | Shows the telemetry data that is collected when SMC version 6.5 or higher connects to the Forcepoint NGFW Updates and Upgrades service. |
Dynamic Updates | Specifies the dynamic updates options:
|
Update Service | Specifies the update service that is used for automatic dynamic updates. Click Select to select an element.
|
Notify When Updates Have Been Activated
(Optional) |
You receive an alert when the dynamic updates have been activated. This option becomes available when you select Automatically Download and Activate Updates. You must refresh the policies before the updates take effect. If Refresh Policies After Update Activation is selected, the policies are refreshed automatically. Otherwise, you must refresh the policies manually. |
Refresh Policies After Update Activation
(Optional) |
The SMC automatically refreshes the policies after activating the dynamic updates. This option becomes available when you select Automatically Download and Activate Updates. |
Remote Upgrades for Engines | Specifies new engine upgrade options:
|
Upgrade Service | Specifies the upgrade service that is used for automatic engine upgrades. Click Select to select an element.
|
Generate and Install New Licenses Automatically
(Optional) |
When selected, automatically regenerates and installs the licenses required for upgrading SMC components to a major new release. |
Check for Updates | Specifies how often to check for updates. |
Update Service Properties dialog box
Use this dialog box to show the properties of the default Update Service elements.
Option | Definition |
---|---|
Name | The name of the element. |
TLS Profile | Shows the selected TLS Profile element. |
TLS Server Identity | Shows the configured TLS Server identity. |
Time-Out | Shows the time-out interval after which the SMC automatically tries to connect to the next URL in the list if the first URL is not available. |
Retry | Shows the number of times that the SMC tries to connect to a URL before it tries to connect to the next URL in the list. |
URLs | Shows the URLs of the update services. The SMC automatically tries to connect to the URLs in the order in which they are listed. |
Comment (Optional) |
A comment for your own reference. |
Trusted Update Certificate Properties dialog box
Use this dialog box to view the details of the currently active Trusted Updates Certificate.
Option | Definition |
---|---|
Subject Name | The identifier of the certified entity. |
Public Key Algorithm | The algorithm used for the public key. |
Key Length | The length of the key in bits. |
Serial Number | The sequence number of the certificate. The number is issued by the CA. |
Signature Algorithm | The signature algorithm that was used to sign the certificate. |
Signed By | The CA that signed the certificate. |
SubjectAltName | The subject alternative name fields of the certificate. |
Valid From | The start date of certificate validity. |
Valid To | The end date of certificate validity. |
Fingerprint (SHA-1) | The certificate fingerprint using the SHA-1 algorithm. |
Fingerprint (SHA-256) | The certificate fingerprint using the SHA-256 algorithm. |
Fingerprint (SHA-512) | The certificate fingerprint using the SHA-512 algorithm. |
Active | The Management Server and the NGFW Engines uses this certificate to verify the digital signatures of dynamic update packages and engine upgrades. |