This article provides information about the URL for the Deep Inspection Attack database.
If you are experiencing issues with downloading the Deep Inspection Signature, the following event log message might be generated:
Cannot download attack database ... (Error in response).
Make sure the attack database server URL is correct; it should be https://services.netscreen.com/restricted/sigupdates. You could also leave this field blank and ScreenOS will still know how to retrieve it; based on the license key.
The path for each ScreenOS release is slightly different; the version number changes to reflect the OS release that is running on the device. The URL is:
https://services.netscreen.com/restricted/sigupdates/<sos.version>/<platform>/attacks.bin?sn=xxxxxxxxxxxxxxxx
NOTE:
The <platform> value for 5200 and 5400 are both: ns5000
The <platform> value for ISG1000 is the SAME as the value for the ISG2000: isg2000
The <platform> value for any SSG devices is ssg<type>
For example:
For an ISG1000 running ScreenOS version 6.2, the url is: https://services.netscreen.com/restricted/sigupdates/6.2/isg2000/attacks.bin?sn=xxxxxxxxxxxxxxxx
For an ns5200 running ScreenOS version 6.3, the url is:
https://services.netscreen.com/restricted/sigupdates/6.3/ns5000/attacks.bin?sn=xxxxxxxxxxxxxxxx
For a SSG550 device that is running ScreenOS version 6.2, the URL is: https://services.netscreen.com/restricted/sigupdates/6.2/ssg550/attacks.bin?sn=xxxxxxxxxxxxxxxx
If you are still experiencing issues with downloading the DI signature database to the device , telnet to the NetScreen device and run
debug httpfx all and
debug pki detail.
This will help JTAC determine where the issue lies.