Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[JSA] X-Force feeds not updated with proxy enabled

0

0

Article ID: KB31626 KB Last Updated: 21 Jun 2019Version: 2.0
Summary:

Managed hosts in a deployment contact the Console's Apache server to send cached requests. After X-Force data is received by the JSA Console, the result is cached and replayed for all other managed hosts that make a request for new IP reputation data. This article explains the issue and suggests a workaround.

Symptoms:

Users cannot see any data updated in following locations:

/opt/qradar/dca/dca/init/dca_ipr/update                                
/opt/qradar/dca/dca/init/dca_update/update                            
/opt/qradar/dca/dca/init/dca_urlclassification/update   
Cause:

If you have a proxy configured in your network, administrators will need to update httpd on the console in order to pass-through the existing request and to also send the request through the proxy server in order to receive the X-Force data.

Solution:

NOTE: NTLM authentication is not supported.

  1. Use SSH to log in to the JSA Console.
  2. Open the /etc/httpd/conf.d/ssl.conf file in a text editor.
  3. Add the following lines before </VirtualHost>:
    ProxyRemote https://license.xforce-security.com/ http://PROXY_IP:PROXY_PORT

    ProxyRemote https://update.xforce-security.com/ http://PROXY_IP:PROXY_PORT
  4. Update the IP address and port of the corporate proxy server to allow an anonymous connection to the X-Force security servers.
  5. Save the changes to the ssl.conf file.
  6. Restart the tomcat service by typing the following command:
    For JSA release 7.2.8 and lower: 
    service tomcat restart

    For JSA release 7.3.0 and higher: 
    systemctl restart tomcat

    Important:
    Restarting the tomcat service on the JSA console logs out all users;  the managed hosts might produce error messages. Restart the tomcat service during scheduled maintenance windows.

Modification History:
2019-06-20: Updated the KB with service restart command for JSA release 7.3.0 and higher.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search