Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Updating IDP security-package on a replaced node within a cluster

0

0

Article ID: KB32424 KB Last Updated: 06 Mar 2018Version: 1.0
Summary:
This article explains how to update the IDP Security-package on one cluster node (which had been replaced via an RMA).
Symptoms:
  • RMA of the faulty node; replacement device received and needs to be updated.
  • Device is a node within a cluster

 
Solution:
  1. Transfer the License from the old device to the new device using the Product License portal.
  2. Install the license on the replacement device:
    >request system license add terminal
  3. Update the IDP security-package using one of two methods:
    1. Online update of the database.  Select from one of two methods:
      1. Join the node back to the cluster and then perform the update.
        1. Disable IDP. **Note**: IDP should be disabled on the primary node or else the secondary node will go into disable state due to configuration-synchronization failure. 
          #deactivate security idp
          #commit
        2. Run the following commands on the primary node
        3. Download the IDP security-package on the box:
          >request security idp security-package download
        4. Check the status of the download:
          >request security idp security-package download status
        5. Install the IDP Security-package on the device:
          >request security idp security-package install
        6. Check the status of the installation:
          >request security idp security-package install status
      2. Update the IDP security-package first in standalone mode (with internet access enabled on this node) and then joining back to the node into the cluster.  The following commands should be run from the node.
        1. Download the IDP security-package on the box:
          >request security idp security-package download 
        2. Check the status of the download:
          >request security idp security-package download status
        3. Install the IDP Security-package on the device:
          >request security idp security-package install 
        4. Check the status of the installation:
          >request security idp security-package install status

    2. Offline update of the database. In offline update, there are two methods to select.
      1. Join and then copy. 
        1. Join the node back into the cluster
        2. Copy the complete sec-download folder from the active node (/var/db/idpd/sec-download).
        3. Disable IDP. **Note**: IDP should be disabled on the primary node or else the secondary node will go into disable state due to configuration-synchronization failure.
          #deactivate security idp
          #commit
        4. Install the IDP Security-package on the device:
          >request security idp security-package install 
        5. Check the status of the installation:
          >request security idp security-package install status
      2. Copy and then join. 
        1. Download the installation files from the internet.  If internet access is not available, consult: KB32399 - [SRX] How to update IDP Signature Database off-line
        2. Copy the files to sec-download folder (/var/db/idpd/sec-download) and install.
        3. Once installed, then join to the cluster.
        4. After the IDP security-package update is done, verify that both the nodes are showing the correct IDP security-package version
        5. Enable security IDP:
          #activate security idp
          #commit

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search