Use SPacks with Concerto

Last updated
Save as PDF

For supported software information, click here.

A security pack (SPack) is a software bundle that contains predefined services and objects that you can use in firewall configurations to protect network devices from security threats. The predefined services include applications, URL categories, URL reputations, IP reputations, IDS and IPS signature definitions, firmware, and antivirus definitions.

When you deploy branch network components, an SPack is preinstalled on a Director node, which acts as the centralized patch and lifecycle management server. Versa Networks updates SPacks frequently, either automatically or manually, and each update contains the latest signatures to protect against newly discovered threats. You should update the SPack regularly, and it is recommended that you update the SPack automatically. Updating the SPack has no operational impact on a running Director node or VOS device.

You can download SPacks from an SPack cloud server. This article describes how to download and install an SPack on the Concerto node, how to upload an SPack, and how to configure SPack updates on VOS devices.

SPack Services

The following table provides information about the services in an SPack:

Service	Description	Database Update Frequency
Antivirus	Antivirus software receives information about supported file types and protocols from SPack, as well as database updates. SPack is updated for new malware database updates and these updates contain different hashes from all file types. Antivirus SDK contains different signatures to detect viruses and is periodically updated through SPack. Antivirus also receives security tags through SPack to allow certain application identifiers (AppIDs).	With each SPack release.
Application identifiers (AppIDs)	The AppID service uses application signatures that the SPack provides to identify applications.	Every three months (third-party database).
Cloud Access Security Broker (CASB)	Versa CASB provides in-house signatures to detect and track various activities across cloud applications. CASB signatures detect actions such as upload, download, edit, create, delete, and share. By identifying user activities, CASB provides visibility into cloud activities to enable better control and security.	Every two weeks.
File filtering	File filtering service receives signatures to identify different file types. You use use file filtering to reduce the risk of attacks from unwanted and malicious files.	In case of specific code update.
IDS and IPS	Intrusion detection system (IDS) is the process of examining the network for indications of vulnerabilities and for detecting inappropriate or anomalous activity. Intrusion prevention system (IPS) is the process of stopping vulnerabilities by responding to inappropriate or anomalous activity. The IDS/IPS signature component in SPack updates signature files. These signatures are patterns that match known threats and enable IPS to identify and respond to security incidents in real time. This ensures that IPS remains up-to-date to effectively identify potential threats. IDS/IPS provides the following features: Threat prevention—IDS/IPS detects threats and actively blocks or mitigates them. On identifying a malicious activity, IPS takes immediate action, such as dropping harmful packets, blocking traffic, or resetting connections. Inline operation—IDS/IPS operates inline with the network traffic, that is, it controls the flow of data in real time. This allows it to prevent attacks before reaching the target. Signature- and anomaly-based detection—IDS/IPS uses a database of signatures or behavior-based rules to identify threats. You can also configure it to respond to specific types of attacks.	Weekly.
IP filtering	IP filtering performs IP address lookup in the SPack IP reputation database. The SPack database contains reputation and geo-location associated with specific IP addresses. As IP reputations change frequently, it is recommended that you use the latest SPack. If an access policy is associated with a predefined IP filtering profile or a user-defined reputation-based action profile, the latest SPack ensures proper enforcement profile actions.	With each SPack release.
URL filtering	SPack enables lookup of any URL for category and reputation for URL filtering. SPack comprises the top one million URL categories and reputations from Versa feed. URL filtering uses URL reputation manager (URM) to answer cloud lookup request by sending these requests to urm.versanow.net. URM provides the following features: Supports load balancing for multi-region architecture based on latency. Supports IPv6. Provides caching abilities to enable faster response.	Continuous updates for URL-related intelligence.

Edit the SPack Download Parameters

The SPack download parameters define the URL from which to download SPacks and whether to perform full or incremental updates, and it allows you to schedule a time to download an updated SPack. When you schedule an SPack download to a Concerto node, the Concerto node retains the last five SPacks by default. When this limit is reached, the Concerto node deletes the oldest SPack.

To configure the SPack download parameters:

From the main Tenants screen, select the Inventory lifecycle in the left navigation panel.
Select Software Packages > Security (SPack) tab, and then click Edit Security Package Configuration.

In the Edit Security (SPack) Package Configuration popup window, enter information for the following fields.

Field	Description
URL (Required)	Enter the URL from which to download SPacks. Use the URL https://spack.versanetworks.com/versa-updates.
Download Timeout	Enter the time, in minutes, after which the download times out. Range: 300000 through 900000 milliseconds (5 through 15 minutes) Default: 300000 milliseconds
Download Type	Select the type of SPack to download: Full—Download the full database repository. A full download overwrites the SPack that is installed on the Director node. Incremental—Download only an update to the currently installed SPack. To determine whether an incremental update is available, check the release notes for the SPack version.
Flavor	Select the type of SPack database to download: Premium—Download an SPack database that contains the complete antivirus, IPS, and URL filtering database. You can use the premium SPack database for all security deployments. To install a premium SPack, a minimum of 8 GB of RAM is recommended. If the amount of RAM is low, an error message is displayed during the installation. Note that you cannot install a premium SPack on two-core 4-GB VOS devices. Sample—Download an SPack database that contains a basic antivirus, IPS, and URL filtering database. The sample SPack database contains fewer signatures, and it is not recommended for UTM deployments.
File Limit	Enter the maximum number of SPacks to retain on the Director node. The default is 5. You configure the file limit to be any value, but keep in mind the memory availability on the Director node.
Schedule Download	Click to schedule a time at which to download SPacks. A scheduled download downloads the SPack and automatically installs it on the Director node at the scheduled time. To view information about the download and the Director update, click the Tasks icon in the horizontal menu bar.
Start Day and Time	Select the date and time at which to begin downloading the SPack.
Interval	Enter a time interval after which the Director node attempts the next SPack download. This interval defines the time between two downloads. For example, if the interval is 900 seconds, the Director node attempts the next SPack download after 15 minutes. Range: 1 to 4294967295 seconds Default: 900 seconds

Click Save.

Manually Download an SPack to the Concerto Node

Note that to download an SPack manually from a cloud server to the Concerto node, the Concerto node must have access to the internet.

To download an SPack manually from a cloud server to the Concerto node:

From the main Tenants screen, select the Inventory lifecycle in the left navigation panel.
Select Software Packages > Security (SPack) tab, and then click Add Package.

In the Add Security (SPack) Package popup window, select the location from which to download the Security (SPack) package.

To download the security (SPack) package from Cloud, select Download from Cloud and click Next.
- In the Download Security (SPack) Package popup window, in the Package Version field, select the SPack version to download to the Director node. The list displays all the SPack versions that are available to download.
- Click Download to start downloading the SPack to the Director node. When the SPack download completes successfully, the Status column in the main pane displays the status DOWNLOAD_COMPLETE.

To upload the security (SPack) package from a local machine, select Upload from Local Machine and click Next.

inventory-software-secuirty-spack-tab-add-package-local.png

inventory-software-secuirty-spack-tab-add-package-local.png

In the Upload Security (SPack) Package popup window, enter information for the following fields.

inventory-software-secuirty-spack-tab-add-package-local1.png

inventory-software-secuirty-spack-tab-add-package-local1.png

Field	Description
Select Security (SPack) File (Required)	Click Browse File, and then select the SPack file to upload from the local computer. Note that filename must start with the string versa-security-package and the filename extension must be .tbz2.
Select Checksum File (Required)	Click Browse File, and then select the checksum file for the SPack to upload from the local computer. The filename must start with the string versa-security-package, and the filename extension must be .sha1
Download Type	Select the type of SPack to upload. Ensure that you select the same type as the SPack file that you want to upload. Full—Download the full database repository. A full download overwrites the SPack that is installed on the Director node. Incremental—Upload only an update to the currently installed SPack. To determine whether an incremental update is available, check the release notes for the SPack version.
Flavor	Select the type of SPack database to download. Ensure that you select the same flavor as the SPack file that you want to upload. Premium—Upload an SPack database that contains the complete antivirus, IPS, and URL filtering database. You can use the premium SPack database for all security deployments. To install a premium SPack, a minimum of 8 GB of RAM is recommended. If the amount of RAM is low, an error message is displayed during the installation. Note that you cannot install a premium SPack on two-core 4-GB VOS devices. Sample—Upload an SPack database that contains a basic antivirus, IPS, and URL filtering database. The sample SPack database contains fewer signatures, and it is not recommended for UTM deployments.

Click Upload. To display information about the manual SPack upload, click the Tasks icon in the horizontal menu bar.

Upgrade an SPack on a VOS Device

To upgrade an SPack on a VOS device:

From the main Tenants screen, select the Inventory lifecycle in the left navigation panel.
Select Appliance Inventory tab, and then select Upgrade Package > Security (SPack) Package.

In the Upgrade Security Package on Appliance popup window, enter information for the following fields.

Field	Description
Download Type (Required)	Select the type of package to download: Full—Select a new SPack. Select this option if an SPack is not already installed on the VOS device. Incremental—Select to upgrade the SPack on the VOS device.
Flavor (Required)	Select the type of SPack database to download: Premium—Download an SPack database that contains the complete antivirus, IPS, and URL filtering database. You can use the premium SPack database for all security deployments. To install a premium SPack, a minimum of 8 GB of RAM is recommended. If the amount of RAM is low, an error message is displayed during the installation. Note that you cannot install a premium SPack on two-core 4-GB VOS devices. Sample—Download an SPack database that contains a basic antivirus, IPS, and URL filtering database. The sample SPack database contains fewer signatures, and it is not recommended for UTM deployments.
Package Name (Required)	Select the security package name.
Schedule Upgrade	Click to schedule a time at which to upgrade the SPack. A scheduled upgrade upgrades the SPack and automatically installs it on the VOS device ;at the scheduled time. To view information about the upgrade and the device update, click the Tasks icon in the horizontal menu bar.
Select Upgrade Start Day & Time	Select the date and time at which to begin upgrading the SPack.
Appliance Inventory	Displays the device or devices that you selected to upgrade.

Click Upgrade.

Upgrade an SPack on a VOS Device (Releases 11.4 and Earlier)

To upgrade an SPack security package from Concerto:

Note: Before you can upload the SPack using Concerto, the SPack must be present on the Versa Director node.

Select the Inventory lifecycle in the left navigation panel.
Hover over the row for the tenant to be upgraded, and click the Ellipsis icon to select an option.
Click Upgrade SPack. The Upgrade SPack popup window displays.
In the SPack Version field, select an SPack package. Details of the SPack package display.
Click Submit.
Hover over the tenant row, and then click View to view progress messages in the View Inventory screen.

Supported Software Information

Releases 12.1.1 and later support all content described in this article, except where noted.

Additional Information

Concerto Inventory Lifecycle
Use OS SPacks with Concerto
Upgrade VOS Software from Concerto