The updates for IPS Software Blade are downloaded to the Security Management Server / Domain Management Server and then are transferred to the VSX Gateway during policy installation. (The IPS update is fetched from the Security Management and pushed to the VSX (VS0).)
In SmartConsole, go to 'Security Policies tab > Threat Prevention Policy > Updates' (similar to the description in sk120255). Make sure that proxy setting are defined on the Security Management.
IPS Software Blade update on the Security Management Server / Domain Management Server can always be performed manually, or can be scheduled in SmartDashboard.
In R80.10 and higher versions, IPS blade does not have to be enabled (Geo policy is installed as a part of the Access Policy). For R80.10 and higher VSX gateways, the activation mode of Geo policy assigned to VSX gateway (Context of VS0) has to be either in "Monitor Only" or "Active". This is required for the IPS Geo Protection updates to work on Virtual Systems (VS).
In R77.30 and lower versions, for the IPS Geo Protection updates to work correctly, the following has be configured in the VSX Security Gateway object itself (context of VS0):
IPS blade has to be enabled
IPS profile has to be assigned, in which the "Action" of Geo Protection is set to either "Detect", or "Prevent"
If your VSX Gateway is connected to the Internet via Proxy, then you should configure the relevant proxy settings in the VSX Gateway object. VSX Gateway fetches the update package from the cloud, and then all Virtual System get the update package from the shared directory in the context of VS0.
If your VSX Gateway is connected to the Internet via Proxy, then you should configure the relevant proxy settings in the VSX Gateway object. Each configured Virtual System will use its own proxy settings.
Threat Prevention policy must be installed on VSX Gateway / VSX Cluster and on the Virtual Systems, on which the Anti-Bot / Anti-Virus Software Blade is enabled.
Configure the DNS server(s) in the Operating System settings on VSX Gateway / each VSX Cluster in the context of VS0 (VSX machine itself). Note: All Virtual Systems will use the same DNS configuration (it can not be configured per Virtual System).
You must create an explicit security rule for each Virtual System that allows access from Virtual System to the configured DNS Server(s).
If your VSX Gateway is connected to the Internet via Proxy, then you should configure the relevant proxy settings in the VSX Gateway object. Each configured Virtual System will use its own proxy settings.
Updatable objects are supported on VSX. Each VS configured with Updatable Objects must have connectivity to updates.checkpoint.com and dl3.checkpoint.com in order to be able to download the package of Updatable Objects.