Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to update IDP signature database automatically on a SRX

0

0

Article ID: KB16491 KB Last Updated: 29 Jun 2020Version: 7.0
Summary:

This article explains how to update an IDP signature database automatically on a SRX.

For other IDP-related articles, refer to KB16561 - SRX Getting Started - Configure and Troubleshoot IDP on a SRX.

Symptoms:

Is there a way to set up the signature database download to happen at a specific time?

Solution:

This section contains the following:

Perform the following JWeb or CLI steps to configure the device to download the signature database automatically at a specified interval.
 

JWeb Configuration

This example will configure the SRX to download the signature database once a week, with the first automatic download starting on the 10th of January at 2:00 a.m.:
  1. Select Configure > Security > IDP > Signature Update.
  2. Click the DownloadSetting tab.
  3. Click the Auto Download Setting tab.
  4. In the Start Time field, enter 01-10.02:00.
  5. In the Interval field, enter 168.
  6. Click Enable Schedule Update.
  7. Click OK.
  8. Click Apply and commit the changes.
     

CLI Configuration

  1. Specify the time and interval for the automatic download:

    root# set security idp security-package automatic interval <hours> start-time <the start of the first download>

    For example, to set the download to happen after three days, with the first automatic downloading starting on 14th of July at 2:00 a.m.:

    root# set security idp security-package automatic interval 72 start-time 2013-07-14.02:00:00

  2. Enable the automatic download:

    root# set security idp security-package automatic enable

Notes:

  • If you have configured the device for automatic signature database download, the new signature database is downloaded and installed.
  • If there is a running IDP policy in the device, the policy is recompiled with the new signatures and pushed to the data plane.
  • Similarly, if there is an existing running IDP policy and the previously installed detector's version is different from the newly downloaded one, then the newly downloaded detector is pushed to the data plane.
     

Technical Documentation

For more information on this, refer to Updating the Signature Database Automatically.
 

Verification

The following command shows the configuration of the automatic download of the IDP security package:

root@SRX210-HM> show configuration security idp security-package
automatic {
    start-time "2013-7-14.02:00:00 +0000";
    interval 72;
    enable;
}


The following command shows the version of the attack-db installed:

root@SRX210> show security idp security-package-version
   Attack database version:1581(Tue Jan 12 12:43:22 2010)
   Detector version :10.2.160091104
   Policy template version :2


The following command shows if the scheduled update started without any errors:

root@SRX210> show log messages | match “Scheduled update”
Jan 25 14:47:37 SRX210-HM idpd[982]: IDP_SCHEDULED_UPDATE_STARTED: Scheduled update has started(at Mon Jan 25 14:47:37 2010 )
 
Modification History:
2020-06-29: Removed J-Series references.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search