This help contains the following topics:
A signature library is a collection of common signatures used for service identification. The company's official website releases up-to-date signatures in the form of signature library files. You can manually download the files or configure the device to automatically download the files to update the signature libraries. You can also restore the signature library to the factory defaults for a service module. The signature libraries include the IPS signature library, URL filtering signature library, Web application protection, location identification signature library, APR signature library, virus signature library, IP reputation signature library, URL reputation signature library, and domain reputation signature library.
The following methods are available for updating the signature library for a DPI service module:
Automatic update.
The device automatically downloads the most up-to-date signature file to update its local signature library periodically.
Online update.
The device downloads the most up-to-date signature file to update its local signature library immediately after you trigger the operation.
Manual update.
Use this method when the device cannot obtain the signature file automatically.
You must manually download the most up-to-date signature file, and then use the file to update the signature library on the device.
If filtering false alarms or filtering exceptions occur on a DPI service module frequently, you can roll back its signature library to the factory default version.
Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.
To upgrade the signature library for a DPI service module such as APR, IPS, anti-virus, Web application protection, URL filtering, IP reputation, domain reputation, or URL reputation, you must purchase and install the required license. After the license for a DPI service module expires, you can still use the existing signature library, but you can no longer upgrade the signature library. For more information about licensing, see the license management help.
Signature library upgrade and factory default rollback causes transient DPI service interruption. DPI-based services might also be interrupted. For example, security policies cannot control access to applications.
Do not perform signature library upgrade or factory default rollback when the device's free memory is below the normal state threshold. The signature library upgrade or factory default rollback operation performed under such conditions is likely to fail and the DPI service will be affected.
You can upgrade only one signature library at a time.
Signature library upgrade is supported only on the default context. You only can view signature library version information on a non-default context.
The IP reputation, URL reputation, and domain reputation are time-sensitive and the factory version is not supported currently. Before using these functions, first upgrade the corresponding signature library as a best practice. Restoring IP reputation, URL reputation, and domain reputation signature library to the factory defaults will remove the existing signature libraries.
Before updating a signature library, click Test signature library server connectivity to test the connectivity to the signature library server. If you fail to connect to the server, resolve the issue according to the information on the Information window displayed.
You can configure a proxy server through which the device can access the company's official website for automatic or immediate online signature library update.
Perform this task to configure automatic signature library update for a DPI service module.
For automatic signature library update to work correctly, make sure the device can access the company's official website to obtain the latest signature file.
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
Click the box in the Auto update column for a signature library.
In this example, click the box in the Auto update column for the IPS signature library.
The Configure Scheduled Update For IPS Signature Library window opens.
Set the scheduled update time.
The automatic signature library update starts actually at a random time between the following time points:
One hour before the scheduled update time.
One hour after the scheduled update time.
Click OK.
Anytime you find a release of new signature library version on the company's official website, you can trigger the device to immediately update the local signature library.
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
Click Online update in the Actions column for the signature library.
Click OK in the confirmation dialog box that opens.
Perform this task to manually update the signature libraries for DPI service modules by using locally stored signature files.
Use this method if the device cannot access the signature database services on the company's official website.
Store the update file on the master device for successful signature library update.
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
On the page that opens, click Signature Database Services in the Actions column for a signature library to access the signature database service area at the official website. You can download signature files as needed.
Click Manual update in the Actions column for a signature library. In this example, click Manual update for the IPS signature library.
The Update IPS Signature Library window opens.
Click Select to select the local update file.
Click OK.
To update the signature library, the device must access the signature library server on the company's official website to obtain the signature file.
Perform this task to configure the signature library server parameters.
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
Click Configure Signature Library Server.
The Configure Signature Library Server window opens.
Configure the signature library server settings.
Table-1 Signature library server configuration items
Item | Description |
Source IP | Configure the source IP address used by the device to send online upgrade request packets to the signature library server.
|
Destination VRF | Configure the VRF to which the signature library server belongs. When the device is connected to the signature library server through VRF, you must specify the VRF in this field. If you do not specify the VRF, signature library upgrade will fail. |
Click OK.
Signature library server connectivity test identifies the connection status between the device and the signature library server during a signature library upgrade to confirm successful connection to the server. After you click Test signature library server connectivity, the device will attempt to connect to the signature library server and return the result of the connection status. If the connection fails, the administrator can troubleshoot connection issues based on the interface prompts, ensuring that the device can successfully perform a signature library upgrade.
To test signature library server connectivity:
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
Click Test signature library server connectivity. The device will attempt to connect to the signature library server and return the result of the connection status.
The device must access the company's official website for immediate or scheduled signature library update. If direct connectivity is not available, the device can access the company's official website through the specified proxy server.
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
Click Configure proxy server.
The Configure Proxy Server window opens.
Configure the proxy server settings, including the server address, port number, login username, and login password.
Click OK.
Click the System tab.
In the navigation pane, select Upgrade Center > Signature Upgrade.
Click Roll back in the Actions column for a signature library. In this example, click Roll back for the IPS signature library.
The Roll Back IPS Signature Library window opens.
Select Roll back to factory default.
Click Apply.