09-05-2023 08:16 AM
Dear Good people,
From the Product updates tab of fmc, we found 'Vulnerability Signature and Fingerprint Updates' are not installed and not updated . And in Rule Updates tab we found Snort rules are getting updated weekly automatically
We have TMC license for 3 years. My question is that if we have TMC license enabled and snort rule are getting updated automatically why product updates are not getting updated? Is ' Product Updates' related to TMC license or only patch?
09-05-2023 09:23 AM - edited 09-05-2023 09:25 AM
VDB updates must be downloaded either manually or via a scheduled job (from the scheduling page, not the updates page).
Product updates include hotfixes, patches, minor and major version updates. Only the first two can be scheduled (on releases prior to 7.3). Minor and major version upgrades require you download them manually to your computer and then upload to FMC.
09-05-2023 10:01 AM
Thanks.But does product updates have any relation with TMC license? I mean even if we don't have TMC subscription still the Product Updates can be updated?
09-06-2023 08:34 AM
Entitlement for product version, Security Intelligence, VDB and Gelocation updates requires an active Smartnet support contract.
The threat ("T") license is required for IPS (SRU and LSP) updates. However, the system will still download them without that license being current.
The Malware ("M") license is required to apply a file policy (with or without cloud lookup of file hashes).
The URL Filtering ("C" for Content) license is required to apply URL Filtering feature in your Access Control Policy as the system will require it to lookup the content categories of URLs for use in both monitoring and enforcement.
09-06-2023 09:07 AM - edited 09-06-2023 09:08 AM
Hi Marvin,
Thanks for your reply. That means product updates has no relation with TMC license, right? Without these licenses below things can be installed?
09-06-2023 09:16 AM
Yes, but as noted any ACP rules that use IPS policy, File Policy or URL filtering will prevent deployment without those license installed. A deployment is required post-upgrade to sync FMC to its managed devices. So you would have to disable those features in any affected rules (they should show a yellow warning triangle with ! inside it).
09-06-2023 09:24 AM
Ok got it. Should i disable the feature to remove the yellow warning sign from fmc regarding Security Intelligence feed? Which features?
09-06-2023 09:32 AM
No, the warning sign is for licensed features (T, M, or C) being used in policy rules where licenses are not available or expired.
The SI feed not updating will continue to raise an alert as long as FMC is trying to update (by default every 2 hours - set under Object Management, Security Intelligence feeds).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide