Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

DI update key check failed on the Firewall

0

0

Article ID: KB4933 KB Last Updated: 22 Jul 2010Version: 4.0
Summary:

Symptoms:
Environment:
  • exec attack update
  • Deep Inspection
  • Manually update DI attack signature
Symptoms & Errors:
  • DI update key check failed
  • DI attack version is not updating
Solution:

When updating the DI Attack Signature, if you see the console message "DI update key check failed", your DI license key has expired.  Verify if your DI license key is up to date by issuing the command

get license

Example of expired license (compare to the current clock time):

ns5gt-> get license
di_db_key           : 2Vsu/
                      I+iT17LJ0nUKXtd99sb50KmAOKE1vABdtuNr6vp+tpHPU2p//
                      c6+g0H+UBFgFGwOVyGreKb/
                      miJcGVKhUcqtQgo7tFEH+B+I8SIVBNbh4QoyUcL2+XdfTd1pYS
                      j/
                      3dkm1U1YIu9qgPcLvPT6BcGrTy1SNcCZKnEilUKJLhqVI7AeCB
                      5QZ3hwrFoqglbjUj/LatxAq3VAlDHd/UI4emCRXwM/
                      caCzgF4TAWGmok3k9auyuz96/
                      pH9RguaJwsfr1E+5hiB5fP4XiVAz09j7dQjxhr2hiGuM0S3I5B
                      qaf/jCH6Jce6/lTFrCwzvXTOZkHsSAxdrKqXxH3TLZzMuMA==
expire date: 2004/7/9

ns5gt-> get clock
Date 05/12/2005 10:10:45, Daylight Saving Time enabled
The Network Time Protocol is Enabled
Up 0 hours 32 minutes 27 seconds Since 12 May 2005 09:38:18
1115892645.859643 seconds since 1/1/1970 0:0:0 GMT
GMT time zone area -8:00
GMT time zone offset 7:00

The corresponding console message from a DI Attack Update is as follows:

ns5gt-> exec attack update
.............Download succeeded.
Download file size=<182696>
Loading attack database...DI update key check failed

After renewing your DI subscription, you should be able to successfully update your DI signature:

ns5gt-> exec attack update
.............Download succeeded.
Download file size=<182696>
Loading attack database...
Checking signature in attack database...Authenticated
............
Done.
Done.
Switching attack database...Done
Saving attack database to flash...Done.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search