Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Exec attack-db update is having problems downloading the attack signature updates.



Article ID: KB3254 KB Last Updated: 07 Jun 2010Version: 4.0

exec attack-db update is having problems downloading the attack signature updates.

Symptoms & Errors:
  • CLI command exec attack-db update results in the following errors posted to the console:
Signature update key is missing.
Error contacting attack database server.
Failed command - exec attack-db update
  • The CLI command get lic shows DI is enabled, but the Expire Date is disabled.

Deep Inspection: Enable
Deep Inspection Database Expire Date: Disable

  • CLI command exec attack update results in the following error posted to the console:

Download failed.Error: Unknown host


A proper "exec attack update" should look like this:

exec attack update                                                      
........Download succeeded.
Download file size=<113699>
Loading attack database.............
Switching attack database...Done
Saving attack database to flash...Done.

Most of the issues are related to the configuration settings.  In order to update the database, the server must be reachable.  Check to see that the following commands are set on the device:

set attack db server ""

set dns host dns1 x.x.x.x                                                                            

(where x.x.x.x is the IP address of your dns server)

set route interface untrust gateway y.y.y.y            

(where y.y.y.y is the upstream default gateway for the interface.)

Test to see that you can ping the update database server.

Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to [], timeout is 1 seconds
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/3 ms

A valid  license key for deep inspection service is required.  Check to see if one has been installed.  It should look similar to:

get lic
vsys_key            : d1df8b793479efff
vr_key              : bb10dee6775d10fa
zone_key            : 3706b5a88ce60064
di_db_key           : 2LoL9j3hpaX6kSJI6bHfJUTloyBXH3XHNJttUrhdXe3nNfR6a2
expire date: 2008/12/31


Note:  Make sure the license key hasn't expired. 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search