Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Resolution Guide - SRX - Verify/Troubleshoot IDP attack database on SRX

0

0

Article ID: KB23422 KB Last Updated: 31 Mar 2012Version: 1.0
Summary:

This guide helps you to verify/troubleshoot the IDP attack database is downloaded and installed on a SRX device.

If your SRX is in a Chassis Cluster, refer to KB23423 - Verify/Troubleshoot IDP attack database on SRX in a Chassis Cluster.



Symptoms:
Symptoms:
  • Not able to download the Attack Database
  • The version of the Attack Database does not match with the current version

Cause:

Solution:

Perform the following steps:



[Check Attack database version]

Step 1. Run the command 'show security idp security-package-version'.

user@srx> show security idp security-package-version
node0:
----------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010) <------
Detector version :10.4.140100525
Policy template version :N/A

Does the 'Attack database version' have a recent date?

  • Yes - IDP is enabled and up-to-date:
    For a list of other SRX/IDP issues, refer to the table in KB23424 - Troubleshooting IDP with SRX.

  • No - The version is N/A:   Continue to Step 2

  • No - The version and date appear to be old:   Jump to Step 3

  • No - I get the message: Warning IDP disabled:
    Run the following command from configuration mode to enable IDP:
    delete system processes idp-policy disable

  • No - The option to run the command is not there:
    The IDP functionality is supported on High Memory SRX Branch and High-End devices.
    Refer to the Junos 11.4 - SRX Feature Support Reference.

Note
: The Detector version is automatically updated when the Attack Database is updated.  Therefore, if the Attack database version is up-to-date, then the Detector version is up-to-date.
For information on when/how to download policy templates, refer to KB16490 - How to use Predefined policy templates as IDP Policy in SRX and J-Series devices.



[Version is N/A]

Step 2. Run the command 'show system license'.

Do you see the feature 'idp-sig' (which is the IDP license)?


Then jump to Step 4 to check the status.




[Outdated database version]

Step 3. Consider setting up the IDP signature database to be updated automatically.  
For more information, refer to KB16491 - How to update IDP signature database automatically.

If you want to update the IDP signature database now, follow the instructions in Section II of KB16489 - Quick Setup Guide for Configuring IDP on a SRX:
  • II. Download and install the signature database


Then continue to Step 4 to check the status.




[Attack database download status?]

Step 4. Check the status of the Attack database download with the following command.  (You may have to repeatedly run the command if it is 'in Progress'.)

user@srx> request security idp security-package download status    

What is the status?




[Attack database install status?]

Step 5. Check the status of the Attack database install with the following command.  (You may have to repeatedly run the command if it is 'in Progress'.)

user@srx> request security idp security-package install status    

What is the status?



Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search