Updating local databases of Kaspersky NGFW components

Local databases of components on a Kaspersky NGFW device are automatically updated every two hours as part of a unified task. For each component, Kaspersky NGFW checks for updates of local databases and the updates, if available, are downloaded, verified, and installed on the device.

Kaspersky NGFW updates the following local databases:

• Local databases of the Anti-Virus security engine
• Local databases of the Web Control security engine
• Local databases of the DNS Security security engine
• Local signature databases of the IDPS security engine
• The configuration of cloud services
• The list of URLs excluded by default when scanning encrypted connections
• Local DPI databases

The result of a local database update is recorded in the system event log. If an error occurs while updating local databases, the event of the update task lists the components whose local databases could not be updated and the step at which the error occurred.

You do not need to reconfigure the rules after updating the local databases because the update does not affect the rules previously configured on the component. Updating local databases also does not affect active sessions on the device and does not interrupt such sessions.

If OpenSSL was updated when updating the local databases of components, you must restart OpenSSL on the device.

To view information about the version of the local databases of Kaspersky NGFW:

1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
2. Select the Devices tab and click the name of the device that you want to view, or add a new device.
3. Select the General tab then select the General section in the left part of the window.

The General section displays the following information about the installed version of the local databases of Kaspersky NGFW components:

• Last update of anti-virus databases is the date and time of the last successful update of local databases.

  If an error occurs at one of the steps of the local component database update, the update is considered to have failed, and the date is not changed.

• Anti-virus databases released is the release date and time of the installed version of local databases.
• Device status is the status of the Kaspersky NGFW device indicating whether the installed local databases are up to date. Possible values:
  • OK means that the latest version of local databases is installed on the device.
  • Warning or Critical means the version of the local component bases installed on the device is out of date.

    By default, the Warning status is displayed if the local databases are out of date by 7 days, and the Critical status is displayed if the local databases are out of date by 14 days. The number of days is inherited from the Administration Server policy. If necessary, you can set the number of days corresponding to these statuses in the settings of the Administration Server policy in the Application settings → Device status section. To inherit these settings in the policy applied on the Kaspersky NGFW device, you need to enable the Enforce toggle switches in the relevant sections.

• Status description lists the reasons why the status of the device was changed to Critical or Warning. When the local component databases are out of date, the Databases are outdated value is displayed.

If the local databases are outdated or an error occurred during the update, a corresponding message is written to the Service event log. Messages are logged no more often than once a day. The following messages are possible:

• Databases are out of date means the local databases update task has not been started for more than 7 days.
• Databases are extremely out of date means the local databases update task has not been started for more than 14 days.
• The product cannot receive database updates; please check internet connection means the local databases update task has not been started due to lack of connectivity for 7 days or more.

You can also manage the Kaspersky NGFW local database update task on the command line using the updater family of commands. For example, you can start or stop the update task, disable automatic database updates, or specify a local custom web server as the update source for downloading databases via HTTP (if Kaspersky NGFW is running in an isolated environment and Kaspersky servers are not available). You can also view the database update status using the show system bases-info command. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.

You can also manage the local database update task using the Open Single Management Platform in the Application & Services → NGFW → Policy → System → Database updates section:

• Change the local database update interval.
• Disable local database updates.
• Select the update source for local databases:
  • Kaspersky update servers
  • Local web servers

We recommend disabling automatic database updates only if instructed by Kaspersky Technical Support.

Page top