
[SRX/J] How to update IDP signature database automatically on an SRX or J Series device

  [KB16491]


Summary:

This article explains how to update an IDP signature database automatically on an SRX or J Series device.

For other IDP-related articles, refer to KB16561 - SRX Getting Started - Configure and Troubleshoot IDP on a SRX or J-series device.

Symptoms:

Is there a way to set up the signature database download to happen at a specific time?

Solution:

Perform the following JWeb or CLI steps to configure the device to download the signature database automatically at a specified interval.

JWeb Configuration

This example will configure the SRX to download the signature database once a week, with the first automatic download starting on the 10th of January at 2:00 a.m.:
  1. Select Configure > Security > IDP > Signature Update.
  2. Click the DownloadSetting tab.
  3. Click the Auto Download Setting tab.
  4. In the Start Time field, enter 01-10.02:00.
  5. In the Interval field, enter 168.
  6. Click Enable Schedule Update.
  7. Click OK.
  8. Click Apply and commit the changes.

CLI Configuration

  1. Specify the time and interval for the automatic download:

    root# set security idp security-package automatic interval <hours> start-time <the start of the first download>

    For example, to download the signature database every three days (72 hours), with the first automatic download starting on the 14th of July at 2:00 a.m.:

    root# set security idp security-package automatic interval 72 start-time 2013-07-14.02:00:00
  2. Enable the automatic download:

    root# set security idp security-package automatic enable

Notes:

  • If you have configured the device for automatic signature database download, the new signature database is downloaded and installed.
  • If there is a running IDP policy in the device, the policy is recompiled with the new signatures and pushed to the data plane.
  • Similarly, if there is an existing running IDP policy and the previously installed detector's version is different from the newly downloaded one, then the newly downloaded detector is pushed to the data plane.

Technical Documentation

For more information on this, refer to Updating the Signature Database Automatically.

Verification

The following command shows the configuration of the automatic download of the IDP security package:

root@SRX210-HM> show configuration security idp security-package
automatic {
    start-time "2013-7-14.02:00:00 +0000";
    interval 72;
    enable;
}


The following command shows the version of the attack-db installed:

root@SRX210> show security idp security-package-version
   Attack database version:1581(Tue Jan 12 12:43:22 2010)
   Detector version :10.2.160091104
   Policy template version :2


The following command shows if the scheduled update started without any errors:

root@SRX210> show log messages | match "Scheduled update"
Jan 25 14:47:37 SRX210-HM idpd[982]: IDP_SCHEDULED_UPDATE_STARTED: Scheduled update has started(at Mon Jan 25 14:47:37 2010 )
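
To read the three verification outputs above together, the following added example (not part of the original article and not Juniper tooling) parses them and reports when the schedule is not enabled, no scheduled start was logged recently, or the attack database date is older than expected. The sample text is constructed from the output shown above; the function names, the two-interval threshold, and treating the date in parentheses as the age of the signature set are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input, shaped like the command output shown in this article.
CONFIG = '''automatic {
    start-time "2013-7-14.02:00:00 +0000";
    interval 72;
    enable;
}'''
VERSION = '''   Attack database version:1581(Tue Jan 12 12:43:22 2010)
   Detector version :10.2.160091104
   Policy template version :2'''
LOG = ('Jan 25 14:47:37 SRX210-HM idpd[982]: IDP_SCHEDULED_UPDATE_STARTED: '
       'Scheduled update has started(at Mon Jan 25 14:47:37 2010 )')

CTIME = "%a %b %d %H:%M:%S %Y"  # naive times; device clock and 'now' assumed same zone

def parse_config(text):
    """Return (enabled, interval_hours) from the automatic { ... } stanza."""
    m = re.search(r"^\s*interval\s+(\d+);", text, re.M)
    enabled = re.search(r"^\s*enable;", text, re.M) is not None
    return enabled, int(m.group(1)) if m else None

def parse_attack_db(text):
    """Return (version, date) from 'show security idp security-package-version'."""
    m = re.search(r"Attack database version\s*:\s*(\d+)\((.+?)\)", text)
    return int(m.group(1)), datetime.strptime(m.group(2).strip(), CTIME)

def last_scheduled_start(log_text):
    """Return the newest IDP_SCHEDULED_UPDATE_STARTED time, or None."""
    times = [datetime.strptime(t.strip(), CTIME) for t in
             re.findall(r"IDP_SCHEDULED_UPDATE_STARTED:.*?\(at (.+?)\)", log_text)]
    return max(times) if times else None

def check(config, version, log_text, now, grace=2):
    """List findings; 'grace' intervals of slack is an assumed threshold."""
    findings = []
    enabled, interval = parse_config(config)
    if not enabled or interval is None:
        return ["automatic update is not enabled or has no interval"]
    limit = timedelta(hours=interval * grace)
    started = last_scheduled_start(log_text)
    if started is None or now - started > limit:
        findings.append("no scheduled update start logged within %d h" % (interval * grace))
    ver, built = parse_attack_db(version)
    if now - built > limit:
        findings.append("attack database %d dated %s is stale" % (ver, built.date()))
    return findings
```

With the sample output above and a check time of 26 January 2010, the scheduled start is recent but the attack database is still dated 12 January, so a logged start alone does not confirm that newer signatures were installed.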

