Configure the Application Control Update Server

Application Control downloads signature updates from a signature update server. Gateway AV, IPS, Application Control, and Data Loss Prevention all use the same update server settings. When you change configuration of the update server for any of these subscription services, the settings apply to all of these services.

IPS and Application Control signature updates are delivered together in the same update file.

To make sure that the XTM device can connect to the update server, you must add at least one DNS server to your network configuration. The XTM devices uses DNS to resolve the update server URL to an IP address. For more information, see Add WINS and DNS Server Addresses.

Configure Signature Updates

  1. Select Subscription Services > Application Control.
  2. Click Update Server.
    The Update Server settings appear.

  1. To enable automatic signature updates, select the Enable automatic update check box. This option is enabled by default.
  2. From the Interval drop-down list, enter the number of hours between automatic updates.
  3. Select the Intrusion Prevention and Application Control Signatures check box to automatically update signatures at the selected update interval.

Do not change the Update server URL unless you are told to do so by WatchGuard. If you change the URL accidentally or incorrectly, click Reset to return to the last saved setting.

Connect to the Update Server Through an HTTP Proxy Server

If your Firebox or XTM device must connect through an HTTP-proxy to connect to the signature update server, you must add information about the HTTP proxy server to your update server configuration.

  1. In the HTTP Proxy Server section, select the Connect to Update Server using an HTTP proxy server check box.
  2. In the Server Address text box, type the IP address or host name of your HTTP proxy server.
  3. Most HTTP proxy servers receive requests on port 8080. If your HTTP proxy uses a different port, type it in the Server port text box.
  4. From the Server authentication drop-down list, select the type of authentication your HTTP proxy server uses.
  5. Click Save.

Update Signatures Manually

For information about how to see the status of Application Control signature updates, and how to manually force an update to the most current signatures, see Subscription Services Status and Manual Signatures Updates.

Offline Signature Updates

For security reasons, some customer environments require direct control over the distribution and installation of periodic signature updates for signature services such as Gateway AntiVirus, Intrusion Prevention, and Data Loss Prevention.

WatchGuard offers Offline Signature Updates that enables you to download the latest signatures for these services directly from WatchGuard, and then use a script to manually install these files on your Firebox or XTM devices.

A special set of credentials are required to access the signature update files from the WatchGuard servers. For more information, contact your local WatchGuard representative.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base