[Sky ATP] GeoIP output shows zero objects

Article ID: KB35156 KB Last Updated: 01 Nov 2019 Version: 1.0
Summary:

This article explains what to do when traffic filtering using GeoIP dynamic address objects stops working.

Symptoms:

Although the category summary below reports a large number of GeoIP objects, the dynamic-address output shows 0 entries:

> show services security-intelligence category summary
node0:
--------------------------------------------------------------------------

Category name     :GeoIP
  Status          :Enable
  Description     :GeoIP data schema
  Update interval :435600s
  TTL             :157680000s
  Feed name       :geoip_country
    Version       :20190924.1
    Objects number:363448
    Create time   :2019-09-26 07:37:03 MDT
    Update time   :2019-09-26 22:49:04 MDT
    Update status :Store succeeded
    Expired       :No
    Options       :N/A


> show services security-intelligence update status
node0:
--------------------------------------------------------------------------
Current action        :Checking update interval of category GeoIP.
Last update status    :Update interval of category GeoIP is not reached.
Last connection status:succeeded
Last update time      :2019-09-30 14:36:17 MDT

> show security dynamic-address category-name GeoIP            
node0:
--------------------------------------------------------------------------

Total number of matching entries: 0
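
A scripted check for this symptom, added here as an example and not part of the original article or of Juniper's tooling: it parses saved text output of the two commands above and reports nodes where the GeoIP feed holds objects while dynamic-address shows 0 entries. The function names, the "local" node label and the trimmed sample text are assumptions made for the example.

```python
import re

# Constructed sample text, trimmed from the outputs shown above.
SAMPLE_SUMMARY = """node0:
Category name     :GeoIP
  Feed name       :geoip_country
    Objects number:363448
"""
SAMPLE_DYNADDR = """node0:
Total number of matching entries: 0
"""

def feed_objects(summary_text, category="GeoIP"):
    """Return {(node, feed): object count}; "local" = no node header (assumed label)."""
    counts, node, cat, feed = {}, "local", None, None
    for line in summary_text.splitlines():
        s = line.strip()
        if re.fullmatch(r"node\d+:", s):  # chassis cluster node header
            node, cat, feed = s[:-1], None, None
            continue
        m = re.match(r"([A-Za-z ]+?)\s*:(.*)$", s)  # "Key   :value" lines
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "Category name":
            cat, feed = val, None
        elif key == "Feed name":
            feed = val
        elif key == "Objects number" and cat == category:
            counts[(node, feed)] = int(val)
    return counts

def dynamic_entries(dynaddr_text):
    """Return {node: total matching entries}."""
    totals, node = {}, "local"
    for line in dynaddr_text.splitlines():
        s = line.strip()
        if re.fullmatch(r"node\d+:", s):
            node = s[:-1]
        m = re.match(r"Total number of matching entries:\s*(\d+)", s)
        if m:
            totals[node] = int(m.group(1))
    return totals

def geoip_not_installed(summary_text, dynaddr_text):
    """Nodes whose GeoIP feed holds objects while dynamic-address reports 0."""
    entries = dynamic_entries(dynaddr_text)
    return sorted({n for (n, _), c in feed_objects(summary_text).items()
                   if c > 0 and entries.get(n) == 0})
```

A node is reported only when the dynamic-address output explicitly shows 0 for it, so a missing or truncated capture does not raise a false alarm.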

Cause:

An issue causes the Security Intelligence data for GeoIP to fail to copy to the PFE.

Solution:

To quickly resolve this issue, use the following workaround:

> request services security-intelligence uninstall
> request services security-intelligence download

Before you run the workaround, however, collect the following data so that Support and Development can isolate the issue if the problem persists after the workaround is attempted:

  1. Enable Security Intelligence traceoptions with level all and flag all (see below for an example):

user@host# set services security-intelligence traceoptions file geoip_trace.log
user@host# set services security-intelligence traceoptions file size 100M
user@host# set services security-intelligence traceoptions level all
user@host# set services security-intelligence traceoptions flag all

  2. Commit the changes and download a new Security Intelligence Manifest by using request services security-intelligence download.

% cat /var/db/geoip/GeoLite2-Country.mmdb
% ls -l /var/db/secinteld
% cat /var/db/secintel/download/download_status.log

  3. To collect PFE (VTY) data, users can utilize the request pfe or cprod shell. Refer to KB21344 - How to check the application timeout for default Junos applications on SRX devices for details on utilizing the cprod command in a High Availability environment on an SRX345 device:

% cprod -A node0.fwdd -c "show usp jsf jbuf_pool stats"
% cprod -A node0.fwdd -c "show usp jsf_secintel show stats"
% cprod -A node0.fwdd -c "show usp jsf_secintel show stats debug"
% cprod -A node0.fwdd -c "show usp jsf_secintel show memory"
% cprod -A node0.fwdd -c "show usp jsf_secintel show policy"
% cprod -A node0.fwdd -c "show usp jsf_secintel show urlfilter"
% cprod -A node0.fwdd -c "show usp jsf_secintel show feed_table"
% cprod -A node0.fwdd -c "show usp dynamic-address geoip"
> show services security-intelligence update status
> show services security-intelligence category summary
> show security dynamic-address category-name GeoIP

When the above details have been retrieved, provide the data to the Support team so that it can be analyzed and Development can attempt to isolate any software issues.
