This article lists the common reasons for IDP attack database download failures on an SRX device.
This article is referenced from KB23422 - Resolution Guide - SRX - Verify/Troubleshoot IDP attack database on SRX.
When checking the status of the Attack database download with the request security idp security-package download status command, the following error message is reported:
user@srx> request security idp security-package download status
Done;fetching/uncompressing for....failed
Note: If the Attack Database install failed, a common reason is that the Attack Database download also failed.
This error message can have several causes, which can be broadly classified as follows:
- The SRX device does not have Internet connectivity.
- The DNS server is not configured on the SRX device.
- The SRX device does not have access to the SIG DB server.
- Storage space in the Compact Flash is full.
If the Attack database download fails, perform the following checks (these are the common failure reasons).
Verify that the SRX device has Internet connectivity:
- Check if the ISP's next hop router/default gateway can be pinged from the SRX device.
- Check if an active route pointing to the ISP's next hop router is present in the SRX device's routing table:
root> show route <IP address of the SRX's default gateway>
If an active route is absent, configure a static route to the ISP's router. For example:
root# set routing-options static route 0/0 next-hop <ISP router's IP address>
root# commit
- Check the state of the SRX device's egress interface to confirm that the link is physically up:
root> show interfaces <interface name> terse
Verify that the SRX device has a name server configured:
If the SRX device does not have a name server configured, configure one as follows:
root# set system name-server <name server's IP address>
Verify that the SRX device's Signature Database server is configured:
The URL for the Signature Database is configured as follows:
root# set security idp security-package url https://services.netscreen.com/cgi-bin/index.cgi
root# commit
Verify that the storage space in the Compact Flash is not full:
Check the storage space by using the following command:
root> show system storage
If the space is full, perform a cleanup process and remove all the non-operational files from the Compact Flash. The set of non-operational files can be viewed by running the following command:
root> request system storage cleanup dry-run
To remove all such files, run the following command:
root> request system storage cleanup
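The storage check above can be scripted against saved `show system storage` output. The following is an added example, not part of the original article: the sample output is constructed, and the 90% threshold and the list of mounts that normally report 100% (pseudo filesystems and the read-only /junos image) are assumptions to adjust for your platform.

```python
import re

# Constructed sample of `show system storage` output (df-style columns);
# values are illustrative, not captured from a real device.
SAMPLE = """\
Filesystem              Size       Used      Avail  Capacity   Mounted on
/dev/da0s1a             293M       265M       4.5M       98%  /
devfs                   1.0K       1.0K         0B      100%  /dev
/dev/md0                520M       520M         0B      100%  /junos
procfs                  4.0K       4.0K         0B      100%  /proc
/dev/bo0s3e              24M        66K        22M        0%  /config
/dev/md1                168M        15M       140M       10%  /mfs
"""

# One data row: filesystem, size, used, avail, capacity%, mount point.
# The header row does not match because "Capacity" is not a percentage.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(-?\d+)%\s+(\S+)$")

# Assumption: these mounts always show 100% and do not indicate a full flash.
ALWAYS_FULL_MOUNTS = ("/dev", "/proc", "/junos")


def full_filesystems(output, threshold=90):
    """Return (mount, capacity_percent, avail) for writable mounts at or
    above the threshold. The threshold default is an assumption."""
    findings = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or unrecognised row
        _fs, _size, _used, avail, capacity, mount = m.groups()
        if mount in ALWAYS_FULL_MOUNTS or mount.startswith("/junos/"):
            continue  # pseudo or read-only image mount, expected at 100%
        if int(capacity) >= threshold:
            findings.append((mount, int(capacity), avail))
    return findings


if __name__ == "__main__":
    for mount, capacity, avail in full_filesystems(SAMPLE):
        print(f"{mount} is {capacity}% full ({avail} free): "
              "free space before retrying the download")
```
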