You can update pattern definitions for components, such as signatures, engines, clients, and devices.
Sophos Firewall updates patterns automatically by default. You must update patterns for access points and RED appliances manually. Firmware updates for these devices are available as pattern updates.
Some organizations, such as defense, finance, and research, isolate their networking devices from the internet to create a highly secure environment. When Sophos Firewall is isolated from the internet, it's in an air gap environment. You must have an air gap license before installing these Sophos Firewall devices.
You must update patterns for these devices manually.
In a high-availability cluster, you must update patterns on the primary device. These are automatically synchronized to the auxiliary device.
You can see the status of current pattern versions for the elements listed, the last successful update, and the status of updates. The available version shows the later version when it's available.
- The update status can be Ready to install, Downloading, Success, or Failed.
- To manually update all pattern definitions, click Update pattern now. This action doesn't update the patterns for AP firmware and RED firmware.
Manual pattern update
To manually update the pattern definition for a specific component, do as follows:
To download the patterns, click pattern file.
When you click the link, a
.tarfile starts downloading.
Select the folder in which to save the file.
The file contains pattern definitions of all the modules.
Extract the files.
- Upload the file for the pattern definition you want to update.
- Click Update pattern.
Pattern download and installation
To update pattern definitions automatically, do as follows:
- Turn on Auto update.
To set the time to check the availability of pattern updates, select the Interval from the options.
Access points and RED appliances restart after a pattern update because it updates the firmware. The restart interrupts live connections. The connections reestablish after the update is complete. So, Sophos Firewall only downloads the firmware for these devices but doesn't update the firmware automatically. Click Install to manually install these updates.
IPS and application signatures
Application signatures are always available. IPS signatures are available through automatic and manual pattern updates only when you have the following:
- Active Network Protection subscription or trial license.
- IPS protection turned on (Intrusion prevention > IPS policies).
If either condition isn't met, Sophos Firewall only updates application signatures.
For air gap installations, Sophos Firewall always updates both IPS and application signatures even if IPS protection is turned off.