Signature updates in high availability deployment and build upgrades
The signature update occurs on the primary node. While the signatures are updated on the primary node, in parallel the updated files are simultaneously synchronized with the secondary node.
The *Default signature is always updated first and then the rest of the user-defined signatures are updated.
Connecting to Amazon AWS
The default route NSIP is used to connect to the Amazon AWS. If there is a specific use case scenario where SNIP is used, and if there are multiple SNIPs, the first one to receive the ARP response from the hosting site will hold the route.
Signature updates during version upgrades
In case of an upgrade, if the NS has an older base version for the signatures, *Default signature is automatically updated if a newer signature version is available.
If the schema has changed, the schema version of all the signature objects gets updated when the version is upgraded.
However, for the base version of the user-defined signatures, the behavior is different in release 10.5 versus release 11.0.
In release 10.5, only the default signature was updated and the base version of the rest of the signatures remained unchanged after the build upgrade.
In release 11.0, this behavior has changed. When the appliance is upgraded to install a new build, not only the *Default signature object but all the other user-defined signatures that currently exist in the appliance are also updated and will have the same version after the build upgrade.
In both 10.5 and 11.0 release builds, if auto-update is configured, the *Default Signatures as well as all non-zero version signatures get auto-updated to the latest released signature version and will have the same base version.