Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Exec attack-db update is having problems downloading the attack signature updates.

0

0

Article ID: KB3254 KB Last Updated: 07 Jun 2010Version: 4.0
Summary:

exec attack-db update is having problems downloading the attack signature updates.

Symptoms:
Symptoms & Errors:
  • CLI command exec attack-db update results in the following errors posted to the console:
Signature update key is missing.
Error contacting attack database server.
Failed command - exec attack-db update
  • The CLI command get lic shows DI is enabled, but the Expire Date is disabled.

Deep Inspection: Enable
Deep Inspection Database Expire Date: Disable

  • CLI command exec attack update results in the following error posted to the console:

Download failed.Error: Unknown host


Solution:

A proper "exec attack update" should look like this:

 
exec attack update                                                      
........Download succeeded.
Download file size=<113699>
Loading attack database.............
Done.
Done.
Switching attack database...Done
Saving attack database to flash...Done.

Most of the issues are related to the configuration settings.  In order to update the database, the server must be reachable.  Check to see that the following commands are set on the device:

set attack db server "https://services.netscreen.com/restricted/sigupdates"

set dns host dns1 x.x.x.x                                                                            

(where x.x.x.x is the IP address of your dns server)

set route  0.0.0.0/0 interface untrust gateway y.y.y.y            

(where y.y.y.y is the upstream default gateway for the interface.)


Test to see that you can ping the update database server.

ping services.netscreen.com
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to services.netscreen.com [207.17.137.163], timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/3 ms

A valid  license key for deep inspection service is required.  Check to see if one has been installed.  It should look similar to:

get lic
vsys_key            : d1df8b793479efff
vr_key              : bb10dee6775d10fa
zone_key            : 3706b5a88ce60064
di_db_key           : 2LoL9j3hpaX6kSJI6bHfJUTloyBXH3XHNJttUrhdXe3nNfR6a2
                      F8S5i0HJm2vKkxEGA8kPqV+HPeHvWqtX9jXRjguUAN3HrYTjp3
                      ZNQVeiIbADa8UQWfcx/
                      7U6cQGlgT6SicHFbT27y+6vfqjayzVODPnWMK7VRwatB+Wv2Be
                      RSpbLBnMMM8f3BauFCk6aZQ9+iSINkoAPjoqGfTYvu1VKkD4AL
                      c103GcShXksV6cQ0R3hsshWAVsdVGfnmyjup6LQUKuy98VMOdN
                      RnFZuvkVVrCxQ6xzFBHJNz+J1ZBZV8ipRZKNAxyExlGxkl8zaL
                      dJE3VyZD0W/H5/EKUc6QCo9A==
expire date: 2008/12/31

 

Note:  Make sure the license key hasn't expired. 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search