IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Updates
Some features on SNS appliances require regular updates (enabled by default in System > Active Update). The complete absence of updates would prevent the firewall from obtaining security patches and renewing information databases. These updates can be applied:
-
Offline by setting up an internal mirror,
-
Online, through a proxy server or directly.
If the update is applied online, there will be as much management traffic as SNS appliances in the IS. This may cause excessive bandwidth consumption. Using an internal mirror will therefore make it possible to restrict the number of appliances allowed to access the Internet.
R24 | Update from an internal mirror
Services should be updated regularly by enabling automatic updates and using an internal mirror.
For online use, ensure that only the firewall uses the connection to the update server, only to this destination and for this sole purpose. This can be done by configuring a proxy server with authentication. The access account used on the proxy must be a dedicated account and hold restricted access privileges to features that the appliance must access (URL filtering and IP traffic strictly required for update operations on SNS appliances, i.e. the URLs update{1,2,3,4}.stormshield.eu and licence{1,2,3,4}.stormshield.eu).
R24 ⁃ | Update through a proxy
If there is no internal mirror, the SNS appliance must access the mirror online over the Internet through an authentication proxy with a dedicated account and an adapted filter policy.