I am running R80.40 in both my production and lab environments. This issue / question is true for both. I have noticed that the IPS package numbers that my gateways show as having installed don't seem to be correct at times or my gateways really aren't getting updated with new protections in staging mode like I think they should be.
The way I do IPS protections is I manually download the latest updates in SmartConsole and then install threat prevention policy to the gateways. New protections are set to go into staging mode.
I have noticed that if I download the latest IPS update in SmartConsole, look over the new protections in staging, not make any changes, and then install threat prevention policy the IPS package number will not change to the new version per the output from the "ips stat" command.
I was under the impression that when I install threat prevention policy in this scenario the IPS package number should be updated and the new protections should be installed on the gateways in detect only mode.
The only way I can get "ips stat" to report as having the new package version is if I actually clear staging on the protections and then install threat policy.
In the past, possibly when I was running 80.30, I remember after downloading a new IPS package and installing TP policy, on the install policy screen there would be a message indicating that the IPS version was going to be updated to xxx.
How can I be sure my new protections set to detect in staging mode are actually getting applied to my gateways?