The update ext-server ext-url-sdb command configures parameters for interconnection between the FW and an external update server, including the URI and CA certificate.
The undo update ext-server ext-url-sdb command deletes parameters for interconnection between the FW and an external update server.
update ext-server ext-url-sdb uri uri-address ca-certificate certificate-name
undo update ext-server ext-url-sdb
| Parameter | Description | Value |
|---|---|---|
uri uri-address |
Specifies the URI of the external update server. For example, https://192.168.1.1/url-list.txt, where 192.168.1.1 is the IP address of the external update server or a domain name. /url-list.txt is the path of the external dynamic malicious URL file. Only the HTTPS protocol can be used for interconnection between the FW and an external update server. The default port number is 443. If the port number is not 443, the configured URI must carry the specific port number. |
The value is a string of 1 to 128 characters. |
ca-certificate certificate-name |
Specifies the CA certificate used to authenticate the external update server. The CA certificate is used to verify the external update server. The CA certificate can be obtained from the external update server. The obtained CA certificate can be referenced only after being imported to the FW. For details on how to import a CA certificate, see SSL-Encrypted Traffic Detection.
NOTE:
Only the CA certificate in PEM format can be imported for interconnection between the FW and an external update server. The CA certificate that is being referenced cannot be modified or deleted. When the undo update ext-server ext-url-sdb command is used, the CA certificate is unbound. Then the CA certificate can be modified or deleted. |
The value is a case-insensitive string of 1 to 64 characters. |
URLs can be filtered based on the external malicious URL list. The external dynamic malicious URL list is a text file of malicious URLs released by external official websites. By updating the external malicious URL signature database, the FW downloads the latest external dynamic malicious URL list from the external official websites and loads it to its cache. To enable the device to identify and block the latest malicious URLs in a timely manner, you need to upgrade the external malicious URL signature database from the external official websites to update the external malicious URL signature database in the device cache. Before upgrading the external malicious URL signature database, run this command to ensure that the FW can connect to the external update server.