This article explains why Deep Inspection (DI) updates have different versions for each ScreenOS image.
Deep Inspection (DI) updates have different versions for each ScreenOS image. The total number of signatures in the databases will always be different between ScreenOS images.
ScreenOS 5.1.0rx has many more signatures than ScreenOS 5.0.0rx. Further, ScreenOS 5.1 has more protocols, more contexts, and is able to support signature chains.
Example:
DI versions:
ScreenOS 5.0.0r9 = DI Version 141
ScreenOS 5.1.0r1 = DI Version 139
Deep inspection is a subset of the IDP database. As such, DI shares the same database version number as the latest IDP database version.
Click here for the latest IDP/DI database version and content information.
It is also possible to view the ScreenOS Firewall's currently loaded database version and attack information.
This is achieved via the CLI (console, telnet or SSH connection) or the WebUI.
To check the currently loaded DI attack database version via the CLI, perform the following steps:
Open the Command Line Interface (CLI). Refer to KB4082 - Accessing the Command Line Interface Using Telnet.
To check the current DI attack database version, enter the following command:
netscreen-> get attack db
Attack database Version: 146(9 Nov 2004 03:01:02)
Number of Attacks: 246, Number of Groups: 29
Attack database Server:
Automatic Operation:
Schedule for automatic Operation:
To check a full listing of the attacks, enter the following command:
netscreen-> get attack
A list of attacks will be displayed in a table including DNS, FTP, IMAP, POP3, SMTP, and other types of attacks.
To check the currently loaded DI attack database version via the WebUI, perform the following steps:
Open the WebUI. Refer to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI.
From the NetScreen options menu, click Configuration, select Update, and then click Attack Signature.
The current DI database version will be displayed.

2017-08-03: Minor non-technical updates.