Using Versa Security Packages
Versa Security Packages (SPack)
In this article, we will understand how to download and install a SPack on the Versa Director node, and how to configure SPack updates on Versa VOS branch Appliance.
A Security Pack (SPack) is a software bundle that contains predefined objects that you can use in firewall configurations to protect network devices from security threats. The predefined objects include applications, URL categories, URL reputations, IP reputations, IDS and IPS signature definitions, and antivirus definitions. The SPacks are stored in a database repository on the Director node.
When we first deploy headend and branch network components, a SPack is preinstalled on a Director node, based on the subscription type. Versa Networks updates SPacks frequently, and each update contains the latest signatures to protect against new threats.
It is recommended that the SPack is updated regularly and a recommended configuration is to pull this update automatically from Versa’s cloud servers. Updating the SPack has no operational impact on a running Director node or the VOS appliance.
The content of the SPack applicable to each node or branch appliance depends on the type of software license subscription that it is entitled to.
On the Director node, we have the flexibility to download the full SPack or have incremental updates alone.
We have three sections in this –
- Configuring SPack Downloads on the Versa Director
- Install SPack on Versa VOS appliance
- Configure Daily and Real-Time updates in the VOS appliance
Configuring SPack Downloads on the Versa Director
Step 1: In Director view, select the Administration tab in the top menu bar
Step 2: Select Inventory > Security Packages in the left menu bar to view the SPacks that are downloaded and installed on Versa Director.
The main pane displays a list of downloaded SPacks.
The context menu on the top right gives options to perform additional tasks in the SPack menu
- Click the Cancel Download icon to cancel a download
- Click the Edit SPack Configuration icon to edit the preconfigured SPack configuration
- Select a downloaded SPack, and click the Install icon to install the SPack on Versa Director
- Click the SPack File Limit icon to set the SPack file limit
- Select a downloaded security pack, and click the Delete icon to delete the SPack from the Versa Director
Step 3: Click the 'Edit' option to edit the SPack configuration - Add the spack download URL - https://spack.versanetworks.com/versa-updates
In the SPack configuration field, configure the URL from where the Director will download the latest Security Packages. We can also define if we want Full or Incremental Download and the timeout value in case the Director is unable to reach the cloud server. This can be anywhere between 300 to 3600 Secs (5 to 60 Hours) with a Default value of 300.
Also, we can Schedule SPack downloads and define a timer interval after which the Director Node attempts to re-try the download after a failed attempt. The default value is 900 Secs.
When an SPack is downloaded successfully, the Status in the SPack information Tab changes to DOWNLOAD_COMPLETE.
Setting SPack File Limit
The SPack File Limit setting specifies how many SPacks the Director Node retains by default. Once this limit is reached, the Director deletes the oldest SPack.
To set the SPack Limit
Step 1: Select Inventory > Security Package in the left menu bar Step 2: Click the SPack File Limit icon in the main pane Step 3: In the Set SPack File Limit popup window, enter the maximum number of SPacks to retain on the Director node
The default is 5 and we can configure the limit baed on the System memory availability.
Manually Download a SPack
In addition to scheduling SPack downloads, it is also possible to manually download the SPack from the cloud server to the Director Node. Typically if an SPack is needed immediately and cannot wait for the scheduled download or the first instance of enabling this feature.
Step 1: Select the Inventory > Security Package in the left menu bar Step 2: Click the Download icon in the main pane to select an SPack that was downloaded, either a full or an incremental download. The Download Security Package popup window displays Step 3: In the Package field, select the SPack version to download to the Director node. The drop-down displays all the SPack versions that have been downloaded as part of SPack downloads. Step 4: Click Download to start downloading the SPack to the Director node
Install SPack on Versa VOS appliance
Once we download the SPack on the Director, we have to install it on the VOS Branch appliance(s). This can be done using the Install Option from the SPack Tab.
Step 1: Select the Inventory > Security Package in the left menu bar Step 2: In the main pane, check the Package Version and Status to identify the last downloaded SPack Step 3: Select the last downloaded SPack. You can also download an older SPack Step 4: Click the Install icon. In the Install Security Package popup window - The package ID is automatically displayed - Choose the VOS Branch Appliance on which the SPack has to be installed. SPack can be installed on multiple devices at the same time. - Choose Update Director option to install the Downloaded SPack on the Director node Step 5: Click on 'Install' to initiate SPack installation
Configure Daily and Real-Time updates in the VOS appliance
After the first install of the SPack from the Director, automatic downloads of SPack can be configured on the VOS Appliance, either daily at a specific time or once at a specific time. This feature ensures that the Branch appliance has the latest SPack with updated objects installed.
The SPack Automatic Security Update Setting is available in the System Menu under Configuration
Step 1: Select the Device Context and select the Configuration Menu
Step 2: Select Others > System > Security Package Update in the left menu bar
Step 3: Click on 'Edit' to edit the Automatic Security Update Settings - Update the URL - Select the Routing Instance over which the URL can be reached - SPack Flavor
Viewing SPack Information
SPack information like version, flavor and download type can be viewed on the Direction GUI.
Step 1: In the Director View, select the Administration tab and select 'Appliances' and choose a Branch appliance to change to Appliance Context.
Step 2: Organizations > Security Package in the left menu bar. The Security Package Upgrade pane displays the installed SPack version details.
This article discussed what is a Security Pack (SPack), how it can be installed on Versa VOS appliances, and what are the different options available in automatic security pack update.