Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] IDP Policy commit status displays message “Active policy not configured or Active policy not modified”

0

0

Article ID: KB29267 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:

The command show security idp policy-commit-status results in error message. This article explains that the message is informational and not an indication of any error or issue.

Symptoms:

How does one interpret the output of show security idp policy-commit-status command? Which is the right command to use for IDP policy load verification?

Cause:

This message is seen in following scenarios:

  1. When there is no active policy configured for IDP
  2. When the IDP policy is configured and loaded but no changes are made to the policy with current commit

If no changes are made to the IDP policy, when commit is performed, the output will be:

"Active policy not configured or Active policy not modified"
Solution:

The message is informational and not an indication of any error or issue.

When no changes are made to the IDP policy

For IDP policy presence verification, the command show security idp status or show security idp policies must be run.

root@SRX-240H2_254> show security idp status
State of IDP: Default, Up since: 2014-07-01 03:23:38 UTC (2d 11:08 ago)

Packets/second: 0 Peak: 0 @ 2014-07-02 23:35:44 UTC
KBits/second : 0 Peak: 0 @ 2014-07-02 23:35:44 UTC
Latency (microseconds): [min: 0] [max: 0] [avg: 0]

Packet Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]

Flow Statistics:
ICMP: [Current: 0] [Max: 0 @ 2014-07-02 23:35:44 UTC]
TCP: [Current: 0] [Max: 0 @ 2014-07-02 23:35:44 UTC]
UDP: [Current: 0] [Max: 0 @ 2014-07-02 23:35:44 UTC]
Other: [Current: 0] [Max: 0 @ 2014-07-02 23:35:44 UTC]

Session Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]
Policy Name : Recommended    <==

When the IDP policy is changed or modified

For IDP policy load verification, the command show security idp policy-commit-status can be used to check whether the policy has started compiling and whether it has been loaded or not.


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search