Updating and version compatibility

Always back up your database before updating Core. Core is the only component with persistent storage (PostgreSQL). See the deployment overview for backup instructions.

Defguard is composed of multiple components (Core, Edge, Gateway) that communicate over gRPC. Each component can be updated independently, provided the components remain compatible.

When components attempt to establish a connection, Defguard automatically performs a version check. If an incompatibility is detected, the connection is refused.

It's recommended to always use the newest version of each service and update them all together to avoid incompatibility.

All components should be kept on the same major.minor version (e.g., all on 2.0.x). Pre-release tags (-rc1, -alpha1) are stripped during version comparison, so a 2.0.0-rc1 Gateway is considered compatible with a 2.0.0 Core.

Pre-release and development versions

To test upcoming releases, see the pre-production and development releases page for Docker tags, package downloads, and one-line install options.

General update workflow

Back up the database (Core only)
Read the migration guides for the version you're upgrading to
Update all components (Core, Edge, Gateway) to the latest version
Verify connectivity — check component logs for gRPC connection success
Check the Core UI — incompatible components will be shown as disconnected

Upgrade guides by deployment method

Choose the guide that matches how you deployed Defguard:

Official GitHub Releases

Check the GitHub repositories for each service to find their newest releases and release notes:

Firewall rules for version or license checking

In order to prevent any issues with update checking or license verification, please open on your firewall access to HTTPS for the following host:

Domain

Purpose

pkgs.defguard.net

185.33.37.43

Updates & License validation

PreviousGateway with CARP NextUsing a userspace WireGuard implementation

Last updated 0 minutes ago

Was this helpful?