diff --git a/go.mod b/go.mod
index bb10d5c5e..7c45d46b1 100644
--- a/go.mod
+++ b/go.mod
@@ -53,7 +53,7 @@ require (
 	github.com/pomerium/csrf v1.7.0
 	github.com/pomerium/datasource v0.18.2-0.20221108160055-c6134b5ed524
 	github.com/pomerium/webauthn v0.0.0-20221118023040-00a9c430578b
-	github.com/pomerium/zero-sdk v0.0.0-20230816000855-af1b8165df05
+	github.com/pomerium/zero-sdk v0.0.0-20230816163741-2c7886877a34
 	github.com/prometheus/client_golang v1.16.0
 	github.com/prometheus/client_model v0.4.0
 	github.com/prometheus/common v0.44.0
diff --git a/go.sum b/go.sum
index 1c19d4b76..5ba32e781 100644
--- a/go.sum
+++ b/go.sum
@@ -657,8 +657,8 @@ github.com/pomerium/datasource v0.18.2-0.20221108160055-c6134b5ed524 h1:3YQY1sb5
 github.com/pomerium/datasource v0.18.2-0.20221108160055-c6134b5ed524/go.mod h1:7fGbUYJnU8RcxZJvUvhukOIBv1G7LWDAHMfDxAf5+Y0=
 github.com/pomerium/webauthn v0.0.0-20221118023040-00a9c430578b h1:oll/aOfJudnqFAwCvoXK9+WN2zVjTzHVPLXCggHQmHk=
 github.com/pomerium/webauthn v0.0.0-20221118023040-00a9c430578b/go.mod h1:KswTenBBh4y1pmhU2dpm8VgJQCgSErCg7OOFTeebrNc=
-github.com/pomerium/zero-sdk v0.0.0-20230816000855-af1b8165df05 h1:Rl2df8q+DAd3SsJn9MpXrbo7JRNCDHVaohOyUZ2IJik=
-github.com/pomerium/zero-sdk v0.0.0-20230816000855-af1b8165df05/go.mod h1:cAyfEGM8blUzchYhOWrufuj/6lOF277meB4c/TjMS28=
+github.com/pomerium/zero-sdk v0.0.0-20230816163741-2c7886877a34 h1:UMt+h1nKW9DDCYzejkGaYFjKzOHFgIP9zorRMADbKhM=
+github.com/pomerium/zero-sdk v0.0.0-20230816163741-2c7886877a34/go.mod h1:cAyfEGM8blUzchYhOWrufuj/6lOF277meB4c/TjMS28=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
diff --git a/internal/zero/bootstrap/bootstrap.go b/internal/zero/bootstrap/bootstrap.go
index aaa40f165..6cb176c70 100644
--- a/internal/zero/bootstrap/bootstrap.go
+++ b/internal/zero/bootstrap/bootstrap.go
@@ -25,12 +25,12 @@ import (
 )
 
 const (
-	// DefaultCheckForUpdateInterval is the default interval to check for updates
+	// DefaultCheckForUpdateIntervalWhenDisconnected is the default interval to check for updates
 	// if there is no connection to the update service
-	DefaultCheckForUpdateInterval = 5 * time.Minute
+	DefaultCheckForUpdateIntervalWhenDisconnected = 5 * time.Minute
 	// DefaultCheckForUpdateIntervalWhenConnected is the default interval to check for updates
 	// if there is a connection to the update service
-	DefaultCheckForUpdateIntervalWhenConnected = 2 * time.Hour
+	DefaultCheckForUpdateIntervalWhenConnected = time.Hour
 )
 
 // Run initializes the bootstrap config source
@@ -57,7 +57,7 @@ func (svc *Source) watchUpdates(ctx context.Context) error {
 			svc.triggerUpdate(DefaultCheckForUpdateIntervalWhenConnected)
 		}),
 		connect_mux.WithOnDisconnected(func(_ context.Context) {
-			svc.triggerUpdate(DefaultCheckForUpdateInterval)
+			svc.updateInterval.Store(DefaultCheckForUpdateIntervalWhenDisconnected)
 		}),
 		connect_mux.WithOnBootstrapConfigUpdated(func(_ context.Context) {
 			svc.triggerUpdate(DefaultCheckForUpdateIntervalWhenConnected)
@@ -70,14 +70,6 @@ func (svc *Source) updateLoop(ctx context.Context) error {
 	defer ticker.Stop()
 
 	for {
-		err := retry.Retry(ctx,
-			"update bootstrap", svc.updateAndSave,
-			retry.WithWatch("bootstrap config updated", svc.checkForUpdate, nil),
-		)
-		if err != nil {
-			return fmt.Errorf("update bootstrap config: %w", err)
-		}
-
 		ticker.Reset(svc.updateInterval.Load())
 
 		select {
@@ -86,6 +78,14 @@ func (svc *Source) updateLoop(ctx context.Context) error {
 		case <-svc.checkForUpdate:
 		case <-ticker.C:
 		}
+
+		err := retry.Retry(ctx,
+			"update bootstrap", svc.updateAndSave,
+			retry.WithWatch("bootstrap config updated", svc.checkForUpdate, nil),
+		)
+		if err != nil {
+			return fmt.Errorf("update bootstrap config: %w", err)
+		}
 	}
 }
 
diff --git a/internal/zero/bootstrap/new.go b/internal/zero/bootstrap/new.go
index 09bda470a..2bafb577d 100644
--- a/internal/zero/bootstrap/new.go
+++ b/internal/zero/bootstrap/new.go
@@ -59,7 +59,7 @@ func New(secret []byte) (*Source, error) {
 		checkForUpdate: make(chan struct{}, 1),
 	}
 	svc.cfg.Store(cfg)
-	svc.updateInterval.Store(DefaultCheckForUpdateInterval)
+	svc.updateInterval.Store(DefaultCheckForUpdateIntervalWhenDisconnected)
 
 	return svc, nil
 }