This guide helps you to verify/troubleshoot the IDP attack database is downloaded and installed on a SRX device.

If your SRX is in a Chassis Cluster, refer to KB23423 - Verify/Troubleshoot IDP attack database on SRX in a Chassis Cluster.

Symptoms:

• Not able to download the Attack Database
• The version of the Attack Database does not match with the current version

Perform the following steps:

[Check Attack database version]

Run the command 'show security idp security-package-version'.

user@srx> show security idp security-package-version
node0:
----------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010) <------
Detector version :10.4.140100525
Policy template version :N/A

Does the 'Attack database version' have a recent date?

• Yes - IDP is enabled and up-to-date:
  For a list of other SRX/IDP issues, refer to the table in KB23424 - Troubleshooting IDP with SRX.


• No - The version is N/A:   Continue to Step 2


• No - The version and date appear to be old:   Jump to Step 3


• No - I get the message: Warning IDP disabled:
  Run the following command from configuration mode to enable IDP:
  delete system processes idp-policy disable


• No - The option to run the command is not there:
  The IDP functionality is supported on High Memory SRX Branch and High-End devices.
  Refer to the Junos 11.4 - SRX Feature Support Reference.

Note: The Detector version is automatically updated when the Attack Database is updated.  Therefore, if the Attack database version is up-to-date, then the Detector version is up-to-date.
For information on when/how to download policy templates, refer to KB16490 - How to use Predefined policy templates as IDP Policy in SRX and J-Series devices.



[Version is N/A]

Run the command 'show system license'.

Do you see the feature 'idp-sig' (which is the IDP license)?

• No - Follow the instructions in Section I and II of KB16489 - Quick Setup Guide for Configuring IDP on a SRX:
  
  • I. Install the license AND
  • II. Download and install the signature database


• Yes - Follow the instructions in Section II of KB16489 - Quick Setup Guide for Configuring IDP on a SRX:
  
  • II. Download and install the signature database

Then jump to Step 4 to check the status.

[Outdated database version]

Consider setting up the IDP signature database to be updated automatically.  
For more information, refer to KB16491 - How to update IDP signature database automatically.

If you want to update the IDP signature database now, follow the instructions in Section II of KB16489 - Quick Setup Guide for Configuring IDP on a SRX:

• II. Download and install the signature database

Then continue to Step 4 to check the status.

[Attack database download status?]

Check the status of the Attack database download with the following command.  (You may have to repeatedly run the command if it is 'in Progress'.)

user@srx> request security idp security-package download status    

What is the status?

• Done;successfully downloaded:  Continue to Step 5 to verify the installstatus.


• Done;fetching/uncompressing for....failed:
  Continue with the steps in KB23359 - Troubleshoot the IDP error message "Done;fetching/...failed".


• Done; Failed in downloading: 
  Collect the IDP information in KB21781 - [SRX] Data Collection Checklist, and open a case with your technical support representative.


• In progress:
  Repeat the aforementioned command to check the download status again.
  Note: The download typically takes 2-3 minutes to complete.

[Attack database install status?]

Check the status of the Attack database install with the following command.  (You may have to repeatedly run the command if it is 'in Progress'.)

user@srx> request security idp security-package install status    

What is the status?

• Done;Attack DB update : successful:
  The IDP Attack database has been successfully installed.
  To 'Configure Recommended Policy as the IDP Policy' and 'Enable a Security Policy for IDP inspection', refer to Section III and IV of KB16489 - SRX Getting Started - Quick Setup Guide for Configuring IDP on a SRX.
  For a list of other possible SRX/IDP issues, refer to KB23424 - Troubleshooting IDP with SRX.


• Done; Attack DB Update : not performed
  Are you sure that the Attack database was downloaded successfully in Step 4?  If so, collect the IDP information in KB21781 - [SRX] Data Collection Checklist, and open a case with your technical support representative.


• In progress:
  Repeat the command to check the install status again in 5 - 10 minutes.
  Note: The installation can take up to 15 minutes to complete.


• Ready to accept a new request:
  Follow the instructions to install the Attack database.  Refer to the steps in Section II of KB16489 - Quick Setup Guide for Configuring IDP on a SRX.