Troubleshoot Signature Delivery
Gateway AntiVirus, IntelligentAV, Application Control, Data Loss Prevention, Botnet Detection, and the Intrusion Prevention Service download signature updates from the same update server. You must keep your signature database updated to secure your network from new threats. 

To download signature updates, the Firebox device connects to services.watchguard.com and downloads from cdn.watchguard.com. If your signature update server configuration is correct and the connection is not working, consider these possible reasons for the failed connection.

Unresolved DNS Name
Make sure your device is able to resolve DNS names, including:

• services.watchguard.com
• cdn.watchguard.com

For more information on DNS configuration, see Configure Network DNS and WINS Servers in WatchGuard Help Center.

Blocked by Firewall
Make sure the HTTP connection to cdn.watchguard.com is not blocked by another Firebox or firewall.

Download Timed Out
Make sure the link speed to cdn.watchguard.com is fast enough to download the file. The download can expire due to slow download speeds.

Enable Debug Level in Logs
In the case of an ongoing issue, it may be necessary to provide Technical Support with debug level logs for the signature update service. Turn on debug level logs and rerun the manual signature update.

To turn on debug level logs for the signature update service:

1. Log in to Fireware Web UI.
2. Select System > Diagnostic Log.
3. In the Security Subscriptions section, in the Gateway AntiVirus Service and DLP box, select Debug.The signature update service shares the same debug log level setting as the Gateway AntiVirus service and DLP.