Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX/IDP] Commit fails with the 'No rulebase configured for active policy error: configuration check-out failed' error message

0

0

Article ID: KB26964 KB Last Updated: 23 Jul 2020Version: 3.0
Summary:

This article describes how to correct the following commit failure error message:

No rulebase configured for active policy
error: configuration check-out failed.

Symptoms:

IDP signature database is downloaded and installed successfully. For example:

Signature database downloaded:

root> request security idp security-package download
Progress of the download verified:
root> request security idp security-package download status

root> request security idp security-package download status
In progress:downloading file ...platforms.xml.gz

root>request security idp security-package download status
Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi).
Version info:3299
Signature DB installed by running the following command:
root> request security idp security-package install

root> request security idp security-package install status
The signature DB will be successfully installed.

Template applied to the Junos configuration and then committed:
root> configure
root# set system scripts commit file templates.xsl
root# commit


Then when the active policy is set as Recommended or any other policy (in this case, it is Recommended policy) and commit is performed, the following error message is generated:

root# set security idp active-policy Recommended
root# commit

[edit security idp]
'idp-policy Recommended'
No rulebase configured for active policy
error: configuration check-out failed
Cause:

This issue is due to the security package not being properly installed.

Solution:
To resolve this issue, the security package has to be re-installed by deleting the previous references. To successfully commit the configuration, perform the following procedure:
[edit]
root# run start shell user root
Type the root password and delete the files:
root% rm -rf /var/db/idpd/sec-download/*
Install either a previous version of the attack DB or the latest version:
root> request security idp security-package download version 3299 full-update

root> request security idp security-package install
Set the active policy as Recommended and then commit the configuration; it should be successful this time.
root# set security idp active-policy Recommended
root# commit
Check the policy commit status:
root # run show security idp policy-commit-status

If additional assistance is required, contact your technical support representative.
 
Modification History:
2020-07-18: Updated IDP version.

 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search