Updates & Maintenance
1. Purpose of This Document
This document describes how Firegate™ receives updates, maintains operational integrity, and ensures long-term protection stability.
Firegate is designed to operate independently once deployed, while securely receiving rule and system updates through an isolated management channel.
2. Update Architecture
2.1 Dedicated Management Interface
Firegate uses a physically separate network interface exclusively for update and maintenance connectivity.
This interface:
- Holds an IP address
- Is not part of the inline inspection path
- Is isolated from modem-to-router traffic
The separation ensures that update connectivity does not interfere with inline enforcement.
2.2 Outbound WireGuard Connectivity
Firegate establishes encrypted outbound connectivity using WireGuard to authorised QuantumSabre infrastructure.
The update channel:
- Is initiated from the Firegate device
- Uses authenticated cryptographic keys
- Does not require inbound port forwarding
- Does not expose administrative services publicly
All update communication is outbound and encrypted.
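As an added illustration of the properties listed above (not Firegate's or QuantumSabre's own code or configuration), this Python check audits a wg-quick style WireGuard config for device-initiated, management-only use. The sample config, hostname, addresses, key placeholders and function names are constructed assumptions.

```python
# Added example: audit a wg-quick style config for outbound-only use.
# SAMPLE_CONF is constructed; keys, hostname and addresses are placeholders.
import ipaddress

SAMPLE_CONF = """\
[Interface]
PrivateKey = <device-private-key-placeholder>
Address = 10.90.0.2/32

[Peer]
PublicKey = <update-server-public-key-placeholder>
Endpoint = updates.example.net:51820
AllowedIPs = 10.90.0.1/32
"""

def parse_conf(text):
    """Return [(section, {key: value})]; repeated [Peer] sections are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_outbound_only(text):
    """Return findings that conflict with a device-initiated, management-only tunnel."""
    findings = []
    sections = parse_conf(text)
    peers = [kv for name, kv in sections if name == "peer"]
    for name, kv in sections:
        if name == "interface" and "listenport" in kv:
            findings.append("Interface pins ListenPort: only needed when peers connect in")
    if not peers:
        findings.append("no [Peer] section: nothing to connect out to")
    for i, peer in enumerate(peers):
        if "endpoint" not in peer:
            findings.append(f"peer {i}: no Endpoint, so this side cannot initiate")
        for cidr in peer.get("allowedips", "").split(","):
            cidr = cidr.strip()
            if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"peer {i}: AllowedIPs {cidr} routes all traffic into the tunnel")
    return findings
```

An empty result from `audit_outbound_only` means none of the checked conditions were found; it does not replace confirming that no inbound port forwarding exists on the upstream router.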
3. Rule Updates
Security effectiveness depends on current rule sets.
Firegate periodically receives:
- Intrusion detection and prevention rule updates
- Domain enforcement updates
- Policy refinements
Existing rules continue to be enforced even if update connectivity is temporarily unavailable.
4. System Updates
Firegate runs on a supported Ubuntu 24.04 base system.
System updates may include:
- Security patches
- Kernel updates
- Suricata engine updates
- Stability improvements
Applying updates may require a controlled restart.
5. Operational Stability
Firegate is designed for predictable operation.
• Inline inspection continues independently of update timing
• Temporary loss of update connectivity does not disable protection
• The device resumes update communication automatically when connectivity is restored
Unexpected power loss may interrupt traffic temporarily.
The system is designed to recover automatically upon restart.
6. Maintenance Considerations
6.1 Physical Environment
When installing Firegate:
• Place it in a ventilated environment
• Avoid excessive dust accumulation
• Maintain unobstructed airflow
• Provide clearance for cooling systems
6.2 Power Stability
Use surge protection or a UPS in:
• Small business deployments
• Critical home office environments
Stable power reduces operational interruptions.
7. Administrative Responsibilities
Administrators should:
• Ensure update interface connectivity remains available
• Maintain secure storage of authorised VPN credentials (if issued)
• Periodically verify general network operation
• Ensure physical security of the device
Firegate does not require routine manual configuration for standard operation.
8. Lifecycle Considerations
Security performance depends on:
• Continued rule updates
• Supported software versions
• Hardware integrity
• Reliable update connectivity
Outdated software or rule sets may reduce protection effectiveness over time.
9. Summary
Firegate’s update and maintenance model is designed to:
• Maintain isolation between inspection and management paths
• Use outbound-only encrypted connectivity
• Enforce existing security policies even during temporary update disruption
• Avoid reliance on cloud-managed dashboards
The architecture enhances long-term stability while preserving a minimal exposed attack surface.
