Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Policy Enforcer] Feed Download failure on SRX with Error: 404 - File Not Found

0

0

Article ID: KB36877 KB Last Updated: 03 May 2021Version: 1.0
Summary:

SRX device with Junos version 20.3R1 (including service releases) attempts to fetch feeds via Policy Enforcer (PE) and fails with error 404 File not found.

These are the 4 feed URLs from the manifest:

  • /api/v1/jsurf/CC/cc_ip_data/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a
  • /api/v1/jsurf/CC/cc_url_data/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a
  • /api/v1/jsurf/GeoIP/geoip_country/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a
  • /api/v1/jsurf/Infected-Hosts/infected_hosts/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a
Symptoms:

In Security Director (SD)-PE, the feeds are downloaded from SkyATP Cloud successfully but SRX with Junos code 20.3R1 cannot download the feeds from PE.

Note: On releases before Junos 20.3R1, this issue does not exist.

Error on PE logs::

Download (null)feed geoip_country (20210406.1) in category GeoIP failed<File not Found> [0][404].
feed_provider: [04/08/2021 02:50:35] [WARNING] [httpserver] - 404 GET /api/v1/jsurf/GeoIP/geoip_country/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a (127.0.0.1) 0.38ms

From manifest.xml:

log/messages:Apr  9 19:32:40.683  DN-SRX-4200 ipfd[9423]: SECINTEL_HTTP_ACCESS_FAILED: <2> 
Access url https://10.0.0.203/api/v1/jsurf/CC/cc_ip_data/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a on port 443 failed because of File not Found.
log/messages-Apr  9 19:32:40.684  DN-SRX-4200 ipfd[9423]: SECINTEL_FILE_DOWNLOAD_FAILED: <2> Feed cc_ip_data of category CC download failed<File not Found>, status code is [0][404].
log/messages:Apr  9 19:32:43.779  DN-SRX-4200 ipfd[9423]: SECINTEL_HTTP_ACCESS_FAILED: <2> 
Access url https://10.0.0.203/api/v1/jsurf/CC/cc_url_data/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a on port 443 failed because of File not Found.
log/messages-Apr  9 19:32:43.780  DN-SRX-4200 ipfd[9423]: SECINTEL_FILE_DOWNLOAD_FAILED: <2> Feed cc_url_data of category CC download failed<File not Found>, status code is [0][404].
log/messages:Apr 12 22:03:50.210  DN-SRX-4200 ipfd[9423]: SECINTEL_HTTP_ACCESS_FAILED: <2> 
Access url https://10.0.0.203/api/v1/jsurf/GeoIP/geoip_country/736e3d756e646566696e65640a646d3d756e646566696e6564fe640a on port 443 failed because of File not Found.
log/messages-Apr 12 22:03:50.212  DN-SRX-4200 ipfd[9423]: SECINTEL_FILE_DOWNLOAD_FAILED: <2> Feed geoip_country of category GeoIP download failed<File not Found>, status code is [0][404].
Cause:

SRX is not sending the "device=" in the request for manifest.xml.

 Working SRX versions:

feed_provider: [04/09/2021 10:13:58] [INFO] [httpserver] - 200 GET /api/v1/manifest.xml?
device=646d3d565352582d0a736e3d3638383345373139313236300a6a763d4a4e50522d31312e302d32303230303932322e343034323932315f6275696c0a697425d (127.0.0.1) 43.51ms

 
Non-working SRX versions: *("device=### missing")

feed_provider: [04/09/2021 10:13:15] [INFO] [httpserver] - 200 GET /api/v1/manifest.xml (127.0.0.1) 62.95ms


When SRX fetches manifest.xml from PE, if there is no SSL config, then the request for manifest.xml from SecIntel to Policy Enforcer is missing the "?device=xxx" parameter.

Solution:

This is an SRX Junos code issue and it is resolved in Junos version 20.3R2.

It is recommended to upgrade Junos to 20.3R2 to continue with downloading Manifest from SkyATP via Policy Enforcer(PE).

Note: This issue is only seen with Junos 20.3R1 and its subsequent service releases (SR) for SRX.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search