Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] The 'Request Security IDP Security Package Download Status' generates the '256' error message

0

0

Article ID: KB25523 KB Last Updated: 31 Mar 2020Version: 5.0
Summary:
This article describes the issue of a SRX administrator receiving the error: 256 error message, when checking the status of a security package download. This prevents the download of the security package.
Symptoms:
When checking the status of a security package download, the SRX administrator receives the following error message:
root> request security idp security-package download status
Done;Fetching SignatureUpdate_tmp.xml.gz failed, error: 256
Cause:
The issue is due to the SRX device being unable to communicate with the server to download the security package. The security server is services.netscreen.com. You will be unable to ping services.netscreen.com from the SRX CLI:
root> ping services.netscreen.com
ping: cannot resolve services.netscreen.com: Host name lookup failure
Note: Normally, DNS name lookup is the issue; but it could be any other issue between the SRX and the NetScreen host. Check parameters, such as DNS, routes, and so on.
 
Solution:
The most common solution for this issue is to configure the DNS, in such a way that name resolution allows to contact services.netscreen.com to download the security update. To configure DNS name servers, edit the system name-server configuration and add name servers:
root>edit
root#edit system name-server
[edit system name-server]
root#set 123.123.123.123
[edit system name-server]
root#set 112.113.114.115
root#commit
Naturally, you will place the real name server IP addresses in the configuration. If DNS resolution is not the issue, look elsewhere to see what is preventing the pinging of the server and open a JTAC ticket; if required.

This behavior is the same in a chassis cluster. This error can be seen in the chassis cluster scenario when the name resolution is not happening for the security server i.e. services.netscreen.com due to the the inactive node's routing engine not having an active route to the internet.
Modification History:
2020-03-31: Article reviewed for accuracy; no changes required.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search