How do I schedule updates for WAF systems?

03/26/2020 2 People found this article helpful 41,956 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

There are several software and data components of the Web Application Firewall that require regular updates to remain secure, resolve newly discovered vulnerabilities, and to take advantage of improved capabilities. 

Automated regular updates protect the integrity of systemic and network security by ensuring updates are implemented on a regular reliable schedule. Automated or scheduled updates are not supported for all of these components. Firmware change does not occur on a very short schedule. The system will check regularly for firmware updates and will notify the admin of the available update.

The WAF firmware itself is regularly improved and software issues resolved in new firmware update releases. Firmware should be kept current.

The underlying Operating System needs to be current to ensure ongoing security.  Linux security updates can occur rapidly and there is no separate mechanism to notify all system users of critical changes. OS update checks can be scheduled to ensure a consistently secure and stable environment.

Web Security signatures develop as new attack vectors are discovered and exploited. This signatures file requires frequent updates. This update can be set to be automatic with the SonicWall back-end system maintaining its status.

Cause

The global Internet security environment continuously develops and changes. There are continuous discoveries of new vulnerabilities and exploits.

Software features develop and mature over time requiring firmware and OS level updates to remain current.

Resolution

System Software:

Under System / Software Updates click on the 'CHECK FOR UPDATES' button to confirm your firmware is current.  The date last checked is displayed. 

1. Login to WAF Appliance, Click on System
2. Click on Software Update.

3. Also under System / Software Updates and under the heading "Critical Operating System Update" the last date the OS updates were checked is displayed beside a 'CHECK FOR UPDATES' button.

4. If critical OS updates are available "There are critical OS updates available." will be displayed beside an "INSTALL NOW" button. Click that to install the OS updates.

OS updates are logged by package and date.  Click "Click here to see update logs." to open a field to examine this log. 

5. Check the box for "Enable Scheduled Critical OS Update" to set the automated update schedule.  Set the time of day for less busy hours.

Web Security:

1. Under Web Security / Status
2. Click the "CHECK FOR UPDATES" button to confirm the Web Security signatures are current.

1. Under Web Security |Settings
2. General tab
3. It is recommended that you check 'Install Signature Updates Automatically' to keep your signature files current. 

Geo IP & Botnet Filter:

1. Under Geo IP & Botnet Filter / Status
2. Click the "CHECK FOR UPDATES" button to confirm the Geo IP & Botnet Filter database is current and to update it if not. 

Related Articles

• How to force an update of the Security Services Signatures from the Firewall GUI
• How to upload security services signatures manually on Closed Environments?
• How to Create Gen 7 Settings File by Using the Online Migration Tool

Categories

• Firewalls > Web Application Firewall > System
• Firewalls > Web Application Firewall > Geo IP & Botnet Filter
• Firewalls > Web Application Firewall > Web Security