This guide helps you verify and troubleshoot whether the IDP attack database is downloaded and installed on an SRX device in a Chassis Cluster.
If your SRX is not in a Chassis Cluster, refer to KB23422 - Verify/Troubleshoot IDP attack database on SRX.
- Not able to download the Attack Database on a node in a Chassis Cluster
- The version of the Attack Database does not match with the current version
Note: Junos 12.1 added a feature that automatically synchronizes the IDP security package in a Chassis Cluster. This helps significantly with the problem, seen in Junos 11.4 and below, of the Attack Database being out of sync between the Chassis Cluster nodes. See the Release Notes: New Features - Junos 12.1 Branch SRX and New Features - Junos 12.1 High-end SRX.
This guide applies to Junos 12.1 and below.
Perform the following steps:
Step 1: [Identify which node is primary]
Run the command 'show chassis cluster status', and identify which node is Primary for Redundancy group 0 on your SRX.
user@host> show chassis cluster status
Cluster ID: 1
Node name    Priority    Status       Preempt    Manual failover
Redundancy-group: 0, Failover count: 1
node0        254         primary      no         no
node1        2           secondary    no         no
Redundancy-group: 1, Failover count: 1
node0        254         primary      no         no
node1        1           secondary    no         no
In the above output, node 0 is the primary for Redundancy-group 0 (RG 0 implies the Routing Engine).
Step 2: [Check Attack database version on Primary node]
Run the command 'show security idp security-package-version', and observe the 'Attack database version' for the Primary node:
node0: <------
--------------------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010) <------
Detector version :10.4.140100525
Policy template version :N/A
node1:
--------------------------------------------------------------------------
Attack database version:N/A(N/A)
Detector version :10.4.140100525
Policy template version :N/A
Does the Primary node have N/A for the 'Attack database version'?
- Yes - It is best to tackle correcting the Primary node first. To do this, perform the steps in KB23422 - Resolution Guide - SRX - Verify/Troubleshoot IDP attack database on SRX to get an attack database version on the Primary node. Then restart at the top of this article.
- No -
  - It has a version: Continue to Step 3 to check the secondary node.
  - I get the message: Warning IDP disabled:
    Run the following command from configuration mode to enable IDP:
    delete system processes idp-policy disable
  - The option to run the command is not there:
    The IDP functionality is supported on High Memory SRX Branch and High-End devices.
Step 3: [Check Attack database version on Secondary node]
Now observe the 'Attack database version' for the Secondary node:
node0:
--------------------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010)
Detector version :10.4.140100525
Policy template version :N/A
node1:
--------------------------------------------------------------------------
Attack database version:N/A(N/A) <------
Detector version :10.4.140100525
Policy template version :N/A
Does the secondary node have N/A for the 'Attack database version'?
- Yes - Continue to Step 4
- No - A version is specified.
  - If the Attack database versions are the same on each node, go to KB23424 - Resolution Guide - SRX - Troubleshooting IDP for a list of SRX/IDP issues.
  - If the Attack database versions are different on each node, jump to Step 5.
Step 4: [Version is N/A]
On the secondary node, run the command 'show system license'. (Both nodes in a Chassis Cluster must have the IDP license.)
Do you see the feature 'idp-sig' (which is the IDP license)?
Step 5: [Update database version on Secondary]
Do the Chassis Cluster nodes have connectivity to the Internet?
After performing the steps to update the Attack database, continue to Step 6.
Run the command 'show security idp security-package-version' again.
node0:
--------------------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010) <------
Detector version :10.4.140100525
Policy template version :N/A
node1:
--------------------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010) <------
Detector version :10.4.140100525
Policy template version :N/A
Are the Attack database versions the same?
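The version comparison in Steps 2 through 6 can also be run against saved output of 'show security idp security-package-version'. The Python below is an added example, not part of the original article or any Juniper tooling; the function names and the sample text are constructed for illustration, and the primary node is assumed to be known from 'show chassis cluster status'.

```python
import re

# Constructed sample modelled on the output shown above (node1 has no database).
SAMPLE = """\
node0:
--------------------------------------------------------------------------
Attack database version:1732(Mon Jul 19 12:44:15 2010)
Detector version :10.4.140100525
Policy template version :N/A
node1:
--------------------------------------------------------------------------
Attack database version:N/A(N/A)
Detector version :10.4.140100525
Policy template version :N/A
"""

NODE_RE = re.compile(r"^(node\d+):")
VER_RE = re.compile(r"^Attack database version\s*:\s*([^(\s]+)")

def attack_db_versions(output):
    """Return {node: version, or None for N/A} from the per-node output."""
    versions, node = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        m = NODE_RE.match(line)
        if m:
            node = m.group(1)
            versions[node] = None
            continue
        m = VER_RE.match(line)
        if m and node is not None:
            value = m.group(1)
            versions[node] = None if value.upper() == "N/A" else value
    return versions

def next_step(versions, primary):
    """Map parsed versions to this guide's decision points (hypothetical helper)."""
    if len(versions) < 2 or primary not in versions:
        return "incomplete output: expected both nodes, including the primary"
    if versions[primary] is None:
        return "primary is N/A: fix the primary first (KB23422)"
    others = [v for n, v in versions.items() if n != primary]
    if any(v is None for v in others):
        return "secondary is N/A: go to Step 4 (check the idp-sig license)"
    if any(v != versions[primary] for v in others):
        return "versions differ: go to Step 5 (update the secondary)"
    return "in sync: attack database versions match"

if __name__ == "__main__":
    print(next_step(attack_db_versions(SAMPLE), primary="node0"))
```

The result names the step of this guide to go to next, so the same check can be repeated after each update attempt.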
2020-02-08: Article reviewed for accuracy. Article is correct and complete.