For Anti-Virus, Anti-Bot Malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions. and Threat Emulation, the gateways download the updates directly from the Check Point cloud.
For IPS, prior to R80.20, the updates were downloaded to the Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server., and only after you installed policy, the gateways could enforce the updates. Starting from R80.20, the gateways can directly download the updates. For R80.20 gateways and higher with no internet connectivity, you must still install policy to enforce the updates.
When you configure automatic IPS updates on the gateway, the action for the newly downloaded protections is by default according to the profile settings.
IPS, Anti-Virus and Anti-Bot updates are performed every two hours by default. Threat Emulation engine updates are performed daily at 05:00 by default, and Threat Emulation image updates are performed daily at 04:00 by default.
You can see the list of Anti-Bot and Anti-Virus protections in Custom Policy Tools > Protections, and the list of IPS protections in Custom Policy Tools > IPS Protections. The update date appears next to each protection.
In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., go to Security Policies > Threat Prevention > Custom Policy > Custom Policy Tools
Go to Updates.
Go to the section about the required Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities., click Schedule Update.
The Scheduled Updates window opens.
Make sure Enable <blade> scheduled updates is selected.
For IPS, there are 2 more configuration options for scheduling Security Management Server updates
In the window that opens, set the Time of event
Install the Threat Prevention policy.
In Custom Policy Tools > Update, a message shows which indicates the number of gateways which are up-to-date.
In the Gateways & Servers view, select a gateway.
Right-click the gateway, and select the Monitor button.
The Device & License Information window opens.
The Device Status page shows the gateway status.
You can turn off automatic IPS updates on a specific gateway.
In SmartConsole, to the Gateways & Servers view, and double-click a gateway.
The gateway properties window opens.
In the navigation tree, go to IPS.
In IPS Update Policy, select Use IPS management updates.
Install the Threat Prevention Policy.
These scenarios explain how an upgrade of the Security Gateways or the Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. or both, affects the Scheduled Updates configuration.
Upgrading the Security Management Server to R80.20, and not upgrading the gateways to R80.20
If you do not upgrade the Security Gateways, then after the upgrade, the Security Gateways are still not able to receive the updates independently, only through the Security Management Server. In this case, the configuration stays the same compared to before the upgrade: Scheduled Updates will be enabled or disabled on the Security Management Server, depending on the configuration before the upgrade.
Upgrading the Security Gateways to R80.20 (with or without Security Management Server upgrade)
If, before the upgrade, Scheduled Updates were configured on the Security Management Server with automatic policy installation, then after the upgrade, automatic IPS updates are still enabled on the Security Management Server, and are also applied to the upgraded gateways.
If Scheduled Updates were disabled on the Security Management Server before the upgrade, then they remain disabled after the upgrade, both on the Security Management Server and the gateways.
If, before the upgrade, Scheduled Updates were configured on the Security Management Server without automatic policy installation - then during the first policy installation after upgrade, a message shows which indicates that Security Gateways R80.20 and higher automatically update the IPS Protections. For Security Gateways R80.10 and lower, you must install policy to apply the updates.