Connectivity from VS0 and subsequent VS’s when communicating with the proxy for updates
Q: What is the expected behavior of proxy connectivity from VS0 and subsequent VS’s when communicating with the proxy for updates? (I.E. We know that the updates should come from VS0 and if that fails the VS’s should break out direct.. but does this reset should VS0 regain connectivity to the update service?)
A:Different blades use different updating system: IPS- update is done from the mgmt during policy installation. This is done per VS. AntiVirus & AntiBot- VS0 download the update and each VS uses it. If VS0 failed to download updates (for example- no internet connectivity) , other VSs will download the updates themselves without sharing it with other VSs. this is done for each update individually (meaning that in the next update, vs0 will attempt to get the update again). URLF & APPI- VS0 must be connected to the internet in order to get into the APPI & URLF DB. If it fails, the VSs do not get the updates by themselves
When working with proxy servers, you can define proxy server for each VS from SDB (for checkpoint products). Updates per VS will use these proxy servers.