Some features on SNS firewalls require regular updates (enabled by default in System > Active Update). The complete absence of updates would prevent the SNS firewall from obtaining security patches and renewing information databases. These updates can be applied:

  • Offline by setting up an internal mirror,

  • Online, through a proxy server or directly.

If updates are applied online, every SNS firewall in the IS generates its own management traffic to the update servers, which may cause excessive bandwidth consumption. Using an internal mirror therefore makes it possible to restrict the number of SNS firewalls allowed to access the Internet.

The SMC server can be used as an internal mirror for SNS firewall updates. This feature can be enabled from Configuration > Active Update server on the SMC server.

R24 | SNS | Update from an internal mirror
Services should be updated regularly by enabling automatic updates and using an internal mirror.

For online use, ensure that only the SNS firewall uses the connection to the update server, that it connects only to this destination, and that it does so for this sole purpose. This can be done by configuring a proxy server with authentication. The access account used on the proxy must be a dedicated account whose privileges are restricted to what the SNS firewall needs: URL filtering and IP traffic limited to what is strictly required for update operations on SNS firewalls, i.e., the URLs update{1,2,3,4}-sns.stormshieldcs.eu and licence{1,2,3,4}-sns.stormshieldcs.eu.

R24 ⁃ | SNS | Update through a proxy
If there is no internal mirror, the SNS firewall must access the mirror online over the Internet through an authenticating proxy, using a dedicated account and a suitably restrictive filter policy.
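
The three conditions set for online updates (SNS firewalls only, update hosts only, dedicated account only) can be checked against proxy records. The following is an added example, not Stormshield code: the account name, source addresses and log layout are assumptions, and the sample records are constructed.

```python
# Added example: audit proxy records against the R24 online-update policy.
# Account name, source addresses and log layout are assumptions, not from the page.

# The eight hostnames the page lists as update{1,2,3,4}-sns / licence{1,2,3,4}-sns.
ALLOWED_HOSTS = frozenset(
    f"{prefix}{n}-sns.stormshieldcs.eu"
    for prefix in ("update", "licence")
    for n in range(1, 5)
)
SNS_ACCOUNT = "svc-sns-update"                         # hypothetical dedicated account
SNS_SOURCES = frozenset({"192.0.2.10", "192.0.2.11"})  # hypothetical firewall addresses

# Constructed sample: "<source ip> <proxy account> <method> <host:port>"
SAMPLE_LOG = """\
192.0.2.10 svc-sns-update CONNECT update1-sns.stormshieldcs.eu:443
192.0.2.10 svc-sns-update CONNECT licence3-sns.stormshieldcs.eu:443
192.0.2.10 svc-sns-update CONNECT www.example.org:443
192.0.2.77 svc-sns-update CONNECT update2-sns.stormshieldcs.eu:443
192.0.2.50 jdoe CONNECT update4-sns.stormshieldcs.eu:443
192.0.2.11 svc-sns-update CONNECT update1-sns.stormshieldcs.eu.example.net:443
"""

def parse(line):
    """Return (source, account, normalised host) for one record."""
    source, account, _method, target = line.split()
    host = target.rsplit(":", 1)[0].lower().rstrip(".")
    return source, account, host

def audit(log_text):
    """Return (line number, violated rule) pairs, in log order."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        source, account, host = parse(line)
        dedicated = account == SNS_ACCOUNT
        # Exact match only: a suffix or substring test would accept look-alike names.
        allowed = host in ALLOWED_HOSTS
        if dedicated and source not in SNS_SOURCES:
            findings.append((lineno, "source"))       # account used from elsewhere
        if dedicated and not allowed:
            findings.append((lineno, "destination"))  # account used for another site
        if not dedicated and allowed:
            findings.append((lineno, "account"))      # update host reached by another user
    return findings

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE_LOG):
        print(f"line {lineno}: {rule} rule violated")
```

The same exact-match host list belongs in the proxy's filter policy itself, so that the audit confirms enforcement rather than replacing it.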