Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[JSA/STRM] Offline autoupdate procedure

0

0

Article ID: KB19589 KB Last Updated: 06 Dec 2019Version: 5.0
Summary:

This article provides information on how to autoupdate JSA/STRM, when there is no connection available to the Juniper autoupdate server.

Symptoms:

Often, due to security reasons, JSA/STRM is not allowed to access the Internet (hence there is no access to Juniper autoupdate site). In this case, setting up a local repository is possible.

Solution:

Note: The autoupdate file size is approximately 4.5GB. Make sure you transfer the file to a partition/directory that has enough disk space available (for ex. /transient/autoupdate).

  1. ​Download the autoupdate package from Juniper Customer Support *(JSA Signatures)
  2. Log in to JSA as the root user. Create a directory in /transient (ex. mkdir /transient/autoupdate)

  3. Type the following command to create the autoupdate directory and a soft-link to it:

    cd /opt/qradar/www
    mkdir -p software/strm/
    cd /opt/qradar/www/software/strm

    ln -s /transient/autoupdate autoupdate

  4. Save the autoupdate package file on your JSA server in the /transient directory, and then un-tar the file in the directory that you created.

  5. On your JSA console, type the following command to decompress the auto-update package:

    tar -zxf autoupdate[timestamp].tgz

    Example: tar -zxvf autoupdate-10102019.tgz

  6. Log in to the JSA UI.

  7. From the navigation menu (), click Admin to open the Admin tab.

  8. In the System Configuration section, click Auto Update.

  9. Click Change Settings, and click the Advanced tab.

  10. In the Web Server field, type https://localhost/ or https://127.0.0.1/ and make sure you include forward slashes as shown.

  11. In the Directory field, type software/strm/autoupdate/ and make sure you include forward slashes as shown.

  12. Click Save. You will receive a blue notification, which is normal.

  13. Click Check for Updates from the left menu.

  14. Click the Get New Updates button.

The JSA auto-update directory is created, the auto-update package downloaded, and the configuration for auto-updates is complete.
 

Screenshot and Lab Results:

  • Copy the autoupdate-XX.tgz file to the /transient/autoupdate directory as the file size is almost 4.5GB.

mkdir /transient/autoupdate
  • By default, /opt/qradar/www/software/strm/autoupdate/ will not be present. You will need to create the directory as shown in the screenshot below:

mkdir /opt/qradar/www/software/
mkdir /opt/qradar/www/software/strm/
ln -s /transient/autoupdate autoupdate

Note: Create a soft link with the help of the above command as, by default, the /opt directory has less disk space. Copying the autoupdate files in the /opt directory can cause disk space outage issue and may impact the services in JSA.

  • Then un-tar the file in the /transient/autoupdate/ directory:

cd /transient/autoupdate/
tar -zxvf autoupdate-10102019.tgz

  • Validate if all the files are present under /transient/autoupdate/:

cd /transient/autoupdate/​
ls -la

  • Change file ownership and permission:​

chown -R nobody:nobody /transient/autoupdate/    
chmod -R 777 /transient/autoupdate/
  • From the JSA GUI: Go to Admin > Auto Update > Change Settings > Advanced > Make the changes and Save.

Web Server: https://127.0.0.1/
Directory: software/strm/autoupdate/

  • Now go to Auto Update > Check for Updates > Click on Get New Updates. You will see the latest date and timestamp for the “Updates were Installed.”


 

Note: If there are multiple JSA installations in your network (such as distributed and/or HA installation), you do not have to create a local repository on all the devices. Dedicate one JSA as an auto-update server and on the additional JSAs, point the URL in the WebUI to the dedicated JSA auto-update server.

Modification History:

2019-10-30: Updated for JSA

2019-12-06: Corrected the commands for updating ownership and permission of autoupdate directory

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search