InformationThis setting determines whether or not the identity of the update server must be verified before performing an update session. Note that if an SSL Forward Proxy is configured to intercept the update session, this option may need to be disabled (because the SSL Certificate will not match).
Verifying the update server identity before package download ensures the packages originate from a trusted source. Without this, it is possible to receive and install an update from a malicious source.
This setting protects the device from an 'evilgrade' attack, where a successful DNS attack can redirect the firewall to an attacker-controlled update server, which can then serve a modified update.
SolutionNavigate to Device > Setup > Services > Services.
Set the Verify Update Server Identity box to checked.