In addition to updating the JUNOS software, IDP Detector has to be updated as well. This article describes how to determine the IDP detector version currently installed on the device and install the latest detector.
The IDP detector engine is a dynamic protocol decoder that includes support for decoding more than 60 protocols and more than 500 service contexts. The IDP detector engine is used by the IDP process engine in packet analysis.
The detector engine code base is packaged and released separately from the Junos code bases. Juniper Networks Security Center (J-Security Center) releases IDP detector engine updates more frequently in order to ensure IDP products protect your network against recently discovered vulnerabilities.
To display the IDP detector engine version number on a Junos device, perform the following:
-
Log into the Junos device via the CLI and enter operational mode.
-
Enter the following command:
root@srx> show security idp security-package-version
Attack database version:3291(Thu Jun 18 13:44:19 2020 UTC)
Detector version :12.6.160200109
Policy template version :3291
In this example, the detector version installed in the device is 10.2.140090831. To update a Junos device using the CL, perform the following:
-
Download the security package. The security package includes the detector and the latest attack objects and groups.
user@host> request security idp security-package download full-update
-
Update the attack database, the active policy, and the detector with the new package using the following command:
user@host> request security idp security-package install
-
Check the attack database update status with the following command. The command output displays information about the downloaded and installed versions of attack database versions.
user@host> request security idp security-package install status