Getting started with manual dynamic updates

It is important to keep the system policies and situations up to date so that newly discovered vulnerabilities can be detected. Changes and additions are provided in dynamic update packages.

Dynamic updates are available at https://⁠autoupdate.ngfw.forcepoint.com.

Dynamic update packages are imported to the Management Server manually or automatically. Before the import, the Management Server verifies the digital signature of the dynamic update package using a valid Trusted Update Certificate. The signature must be valid for the import to succeed. Verification failure can result from an out-of-date Secure SD-WAN Manager version, in which case the Secure SD-WAN Manager must be upgraded, or an invalid or missing signature, in which case the administrator must obtain an official dynamic update package.

What dynamic updates do

Dynamic update packages provide updates for Engines, especially for deep inspection features. For example, new threat patterns and changes in the system Templates and Policies are introduced in dynamic updates for up-to-date detection. They can also revise the default elements you use to configure the system.

Limitations

Some limitations apply to installing dynamic updates:
  • You might need to upgrade first before you can use a certain dynamic update package. For more information about the update packages, see the Release Notes.
  • If there are several Domains defined in the Secure SD-WAN Manager, manual dynamic updates can only be installed in the Shared Domain.

What do I need to know before I begin?

As an alternative to downloading the updates manually as explained here, you can configure the dynamic updates to be downloaded and optionally activated automatically.

Malware database updates are always done automatically and directly by the engines. Updates are always active when the anti-malware feature is active.