
[SRX] Updating an IDP security-package on a replaced node within a cluster


Article ID: KB32424 | KB Last Updated: 23 Nov 2021 | Version: 2.0
Summary:

This article explains how to update the IDP security-package on a cluster node that has been replaced via an RMA.

Symptoms:
  • RMA of the faulty node was done; replacement device was received and needs to be updated.

  • Device is a node within a cluster.

Solution:

Perform the following:

  1. Transfer the license from the old device to the new device by using the Product License portal. For non-Junos product licensing, refer to this site.

  2. Install the license on the replacement device:

     >request system license add terminal

  3. Update the IDP security-package by using one of two methods:

    1. Online update of the database. Select from one of two methods:

      1. Add the node back into the cluster and then perform the update. Refer to KB21134 - [SRX] RMA replacement of a node in a Chassis Cluster for more information.

        1. Disable IDP.

           Note: IDP should be disabled on the primary node; otherwise, the secondary node will go into a disabled state due to configuration-synchronization failure.

           #deactivate security idp
           #commit

           Note: Run the following commands on the primary node.

        2. Download the IDP security-package on the device:

           >request security idp security-package download

        3. Check the status of the download:

           >request security idp security-package download status

        4. Install the IDP security-package on the device:

           >request security idp security-package install

        5. Check the status of the installation:

           >request security idp security-package install status

      2. Update the IDP security-package first in standalone mode (with Internet access enabled on this node), and then add the node back into the cluster. Note that all the steps in the following section should be performed on the new node in standalone mode before adding it back to the cluster.

        1. Download the IDP security-package on the device:

           >request security idp security-package download

        2. Check the status of the download:

           >request security idp security-package download status

        3. Install the IDP security-package on the device:

           >request security idp security-package install

        4. Check the status of the installation:

           >request security idp security-package install status

        5. Enable security IDP:

           #activate security idp
           #commit

    2. Offline update of the database. Select from one of two methods:

      1. Join and then copy.

        1. Disable IDP.

           Note: IDP should be disabled on the primary node; otherwise, the secondary node will go into a disabled state due to configuration-synchronization failure.

           #deactivate security idp
           #commit

        2. Add the node back into the cluster.

        3. Copy offline-update.tar.gz to the RG0 primary node and perform offline installation. See KB32399 - [SRX] How to update IDP Signature Database off-line for more details.

        4. After the IDP security-package update is completed, verify that both the nodes are showing the correct IDP security-package version.

           >show security idp security-package-version

        5. Enable security IDP:

           #activate security idp
           #commit

      2. Copy and then join.

        1. Perform offline installation on the standalone device. See KB32399 - [SRX] How to update IDP Signature Database off-line for more details.

        2. After the installation is complete, add the node to the cluster.

        3. After the IDP security-package update is completed, verify that both the nodes are showing the correct IDP security-package version.

           >show security idp security-package-version
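
The final verification step (both nodes showing the same IDP security-package version) can be checked mechanically on saved CLI output. The following is an added example, not Juniper code: the per-node output layout is an assumption, the sample text and version numbers are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `show security idp security-package-version` on a
# chassis cluster; the layout is an assumption and the versions are invented.
SAMPLE = """\
node0:
--------------------------------------------------------------------------
  Attack database version:3445(Tue Nov 16 12:05:11 2021 UTC)
  Detector version :12.6.130200828
  Policy template version :3445

node1:
--------------------------------------------------------------------------
  Attack database version:3440(Tue Nov  2 12:04:57 2021 UTC)
  Detector version :12.6.130200828
  Policy template version :N/A
"""

NODE_RE = re.compile(r"^(node\d+):\s*$")
FIELD_RE = re.compile(
    r"^\s*(Attack database|Detector|Policy template) version\s*:\s*([^\s(]+)")

def parse_versions(text):
    """Return {node: {field: version}} from the per-node CLI output."""
    nodes, current = {}, None
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:
            current = nodes.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return nodes

def find_mismatches(nodes):
    """Return {field: {node: version}} for each field the nodes disagree on."""
    if len(nodes) < 2:
        # Only one node reported: the replacement has not joined the cluster.
        raise ValueError("expected output from both cluster nodes")
    out = {}
    for field in sorted({f for v in nodes.values() for f in v}):
        seen = {n: v.get(field, "missing") for n, v in nodes.items()}
        if len(set(seen.values())) > 1:
            out[field] = seen
    return out

if __name__ == "__main__":
    for field, seen in find_mismatches(parse_versions(SAMPLE)).items():
        print(f"MISMATCH {field}: {seen}")
```

An empty result from `find_mismatches` means both nodes report the same attack database, detector and policy template versions.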
Modification History:

2021-11-23: Steps in "Offline update of the database" section in Solution modified to reflect the correct information
