Resolution Guide - Verify/Troubleshoot IDP attack database on SRX

Article ID: KB23422 | KB Last Updated: 28 Sep 2021 | Version: 2.0
Summary:

This guide helps you verify/troubleshoot whether the IDP attack database is downloaded and installed on an SRX device.

Symptoms:
  • Not able to download the Attack Database
  • The version of the Attack Database does not match the current version
Solution:

Perform the following steps:

[Check Attack database version]

Step 1. Run the command 'show security idp security-package-version'.

user@srx> show security idp security-package-version
node0:
----------------------------------------------------------------

Attack database version:3410(Tue Aug 17 18:02:08 2021 UTC)  <------
Detector version :12.6.130200828

Policy template version :N/A

Does the 'Attack database version' have a recent date?

user@srx> show security idp security-package-version
node0:
----------------------------------------------------------------

Attack database version:N/A(N/A)  <------
Detector version :12.6.140121210

Policy template version :N/A

  • No - The version and date appear to be old:   Jump to Step 3

  • No - I get the message: Warning IDP disabled:
    Run the following command from configuration mode to enable IDP:
    delete system processes idp-policy disable

  • No - The option to run the command is not there:
    The IDP functionality is supported on High Memory SRX Branch and High-End devices.
    Refer to the Junos 11.4 - SRX Feature Support Reference.

Note: The Detector version is automatically updated when the Attack Database is updated.  Therefore, if the Attack database version is up-to-date, then the Detector version is up-to-date.
For information on when/how to download policy templates, refer to KB16490 - How to use Predefined policy templates as IDP Policy in SRX and J-Series devices.

[Version is N/A]

Step 2. Run the command 'show system license'.

Do you see the feature 'idp-sig' (which is the IDP license)?

Then jump to Step 4 to check the status.

[Outdated database version]

Step 3. Consider setting up the IDP signature database to be updated automatically.  
For more information, refer to KB16491 - How to update IDP signature database automatically.

If you want to update the IDP signature database now, follow the instructions in Section II of KB16489 - Quick Setup Guide for Configuring IDP on a SRX:
  • II. Download and install the signature database

Then continue to Step 4 to check the status.

[Attack database download status?]

Step 4. Check the status of the Attack database download with the following command.  (You may have to repeatedly run the command if it is 'in Progress'.)

user@srx> request security idp security-package download status    

What is the status?

[Attack database install status?]

Step 5. Check the status of the Attack database install with the following command.  (You may have to repeatedly run the command if it is 'in Progress'.)

user@srx> request security idp security-package install status    

What is the status?
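
The Step 1 check and its branches to Steps 2 and 3 can be scripted when the output is collected from many devices. The following Python is an added example, not Juniper's code: it parses saved output of 'show security idp security-package-version' in the layout shown in Step 1, and the function names and the 14-day freshness threshold are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Step 1 outputs as shown in this article (annotation arrows included).
SAMPLE_CURRENT = """node0:
----------------------------------------------------------------
Attack database version:3410(Tue Aug 17 18:02:08 2021 UTC)  <------
Detector version :12.6.130200828
Policy template version :N/A
"""
SAMPLE_NA = """node0:
----------------------------------------------------------------
Attack database version:N/A(N/A)  <------
Detector version :12.6.140121210
Policy template version :N/A
"""

VERSION_RE = re.compile(r"Attack database version\s*:\s*([^\s(]+)\s*\(([^)]*)\)")
MAX_AGE = timedelta(days=14)  # assumption: local policy for "recent", not a Juniper value


def parse_attack_db(output):
    """Return {node: (version, timestamp)}; both are None when the device prints N/A."""
    results, node = {}, "local"  # "local" is used when no 'nodeN:' header is printed
    for line in output.splitlines():
        header = re.fullmatch(r"(node\d+):", line.strip())
        if header:
            node = header.group(1)
            continue
        m = VERSION_RE.search(line)
        if not m:
            continue
        version, stamp = m.group(1), m.group(2).strip()
        if version == "N/A" or stamp == "N/A":
            results[node] = (None, None)
        else:
            # Timestamp layout as printed above: 'Tue Aug 17 18:02:08 2021 UTC'
            when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y UTC")
            results[node] = (int(version), when.replace(tzinfo=timezone.utc))
    return results


def next_step(version, when, now, max_age=MAX_AGE):
    """Map one node's result onto the branches of this guide."""
    if version is None:
        return "Step 2: version is N/A, check 'show system license' for idp-sig"
    if now - when > max_age:
        return "Step 3: database is outdated, update the signature database"
    return "OK: attack database is recent"
```

An empty result from parse_attack_db means no 'Attack database version' line was found, which corresponds to the branches in Step 1 where IDP is disabled or the command is not available.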

Modification History:
2021-09-11: Updated the command output with the latest version of IDP and removed the cluster-related IDP configuration, as it is only valid for EOL/EOE versions, i.e. below 12.1
