< Home

Local Update

If the device cannot access the security center, locally update the signature databases.

Prerequisites

The update package has been uploaded to the memory of the FW using SFTP, FTP or TFTP.

Procedure

  1. Download the update package.
    1. Log in to Huawei security center (isecurity.huawei.com) and choose Signature Update > Signature Update.
    2. Select the product type, series, name, and version.
    3. Click the tab of the signature database to be updated.
    4. Download the signature database file.

      Click download icon on the right side. The Detail dialog box is displayed.

      Certain signature database files have auxiliary files to further describe the signature databases or version changes:

      • Auxiliary file of the service awareness signature database:

        The file "SA-SDB_Classified Application Protocol ID_x.x.xls" is bilingual (Chinese and English). It describes the application categories, application subcategories, software information, application information, and application bearer information supported by the FW.

        x.x in the file name specifies the file version, corresponding to a specific signature database version. Query the correct auxiliary file based on the support condition on the device.

      • Auxiliary file of the IPS signature database: describes the addition, deletion, and modification of IPS signatures, as well as vulnerability information about the signatures.

      • Auxiliary file of the antivirus signature database: describes information about changed virus families.

  2. Upload the update package to the memory of the FW.

    The upgrade package can be placed in any directory of the FW storage. However, the root directory is recommended.

    The signature database files are in ZIP format. You can upload them directly to the FW without decompressing them.

  3. Access the system view.

    system-view

  4. Enable the local update function.

    update local { av-sdb | cnc | file-reputation | ip-reputation | ips-sdb | sa-sdb | location-sdb | asset-sdb } file filename

  5. Optional: Run the update hrp-standby enable command to configure the function of separately updating the signature database on the standby device.

    By default, the function of separately updating the signature database on the standby device is disabled. That is, after the signature database on the active device is updated, the signature database is automatically synchronized to the standby device.

    By default, after the signature database on the active device is updated, the signature database is automatically synchronized to the standby device. This improves the efficiency of signature database update and prevents inconsistent content security detection capabilities on the active and standby devices. If the active device cannot synchronize the signature database to the standby device (for example, the heartbeat interface between the active and standby devices is abnormal), you can run this command to separately update the signature database on the standby device.

Parent Topic: Updating Signature Databases Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >