Hello All,
We have a number of XG firewalls connected to very low bandwidth / high latency WAN connections.
Is it possible to select which pattern modules are updated automatically? We only need IPS and Application signatures to stay up to date.
Regards,
Gary.
The answer is "It depends on the Week".
You can look at the release notes of the pattern.
Based on how many new patterns there are, the size varies a lot.
https://docs.sophos.com/releasenotes/index.html…
Hi Gary McDonald: Unfortunately, there is no such setting at the moment to select auto pattern update control for a specific module. You may submit your request on the Ideas Portal of XG. As of now, you may only set the interval for "Auto Pattern Update".
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Thanks Vishal,
Are there any details of how much data the pattern updates consume? Typical file sizes?
Hi Gary McDonald: This may vary from update to update and, module-wise, depends on the changes/enhancements adopted in the incremental update.
I appreciate that, but is there any "typical" data available? We can then make a decision if we take the bandwidth hit and keep them auto updating or switch auto updates off and resort to manual patching. As a side question, is it possible to apply QoS to the auto update downloads to limit the bandwidth impact?
Hi Gary McDonald: Unfortunately, there are no settings or UI way to apply QoS on system-generated traffic. So you cannot apply QoS for auto pattern update, as it is system-generated traffic.
That's incredibly disappointing.
Hi Gary Mcdonald,
As Vishal said, we currently don't have an option for the individual module update. The alternate option which you can try is to disable the auto-update from System -> Backup and Firmware -> Pattern updates.
Later, you can manually update the pattern, which may help save bandwidth.
https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/PatternManage.html
Mayur Makvana
Technical Account Manager | Sophos Technical Support
Thanks Mayur,
We may not need to do that if we can understand how much data is consumed by these auto updates on a typical daily/weekly cycle.
I would much prefer to keep the auto update enabled for obvious reasons.
https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=ips&versionID=xg
Sometimes, Sophos releases multiple packs per week. Sometimes they will be pushed together.
Thanks for the info, Lucar. The IPS and Application signatures we do wish to update automatically. The problem is you cannot unselect the other modules in the auto update, such as firmware and AV updates, which I suspect can be quite large in size, or apply any QoS policy to ensure these updates do not overload the low-speed WAN link.