
[ScreenOS] IDP Detector Engine FAQ


Article ID: KB9769 KB Last Updated: 18 Sep 2020 Version: 11.0
Summary:
This article answers frequently asked questions about the IDP Detector Engine.
Symptoms:
Frequently asked questions about the IDP Detector Engine.
Solution:
  • What is a detector?

    The detector engine is a dynamic protocol decoder that includes support for decoding 60+ protocols and 500+ service contexts.

  • How does Juniper distribute the detector engine?

    The detector engine is distributed as part of the signature update pack.

  • How do I download the detector engine?

    The detector engine can be downloaded from NSM. To download the latest detector engine and also the signature updates, go to Tools > View/Update NSM Attack Database.

  • Are the detector engines different for ISG-IDP devices and standalone IDP devices?

    Yes; they are different. When the signature update is performed, NSM will download three different detector engines: the IDP Detector Engine for ISG-IDP devices, the IDP Detector Engine for standalone IDP devices, and the IDP Detector Engine for JUNOS-IDP devices.

  • When does Juniper release a new detector?

    Typically, Juniper releases a decoder about once a quarter to support new protocols/contexts or to fix false positives. More frequent detector updates may be made available, as required.

  • How to identify the version of the detector that is running on a Standalone IDP platform?

    The following command on the sensor will show the version of the detector:
    # scio getsystem
    Detector Version: x.x.xxxxx
    Alternatively, you can find the detector version from NSM. To find the detector version, Edit the device > Info > IDP Detector version.

  • How to identify the IDP detector version on the ISG-IDP firewall?

    The following command on the ISG-IDP firewall will show the version of the detector:
    # get system
    IDP files version:

    detector.so x.x.xxxxx

    detector.so shows the version of the detector.
    Alternatively, you can find the detector version from NSM. To find the detector version, Edit the device > Security > IDP SM Settings > IDP Detector version.

  • How do I identify the detector version available in NSM?

    In NSM, go to Tools > View/Update NSM Attack Database and click Next to see the current version of the Detector in NSM.

  • Why do I see multiple IDP detector engines when I download the NSM attack database?

    The detector engines are different for ISG-IDP and Standalone IDP. Also, for ISG-IDP, the detector engine that is supported on ScreenOS 5.0 / ScreenOS 5.4 is different from ScreenOS 6.0. Similarly, for Standalone IDPs, the detector engine is different for IDP 4.0 and IDP 4.1 devices.

    The following table lists the detector versions that are supported on different software versions:

    Software / Version                  Detector
    ScreenOS 6.2.x / ScreenOS 6.3.x     3.5.xxxxx
    ScreenOS 6.0.x / ScreenOS 6.1.x     3.4.xxxxx
    ScreenOS 5.4 / ScreenOS 5.0         3.1.xxxxx
    IDP 5.1                             5.1.xxxxx
    IDP 5.0                             5.0.xxxxx

    Only the supported detector versions can be pushed to the device. For example, a 3.4.xxxxx detector cannot be pushed to ScreenOS 5.4 or ScreenOS 5.0.

  • How do I push the new detector engine to the Standalone IDP or ISG-IDP device?

    Go to Devices > IDP Detector Engine > Load IDP Detector Engine; this will update the device with the latest detector engine.

  • Do I need to push policy to the device after the new detector engine is loaded?

    Yes; when the new detector engine is pushed to the device, remember to update the policy on the ISG-IDP/Standalone IDP.

  • How often do I update the device with the new detector engine?

    Juniper sends a notification to the customer when a new detector engine is released. When the new engine is available, update the device to get support for new protocols/contexts.

  • What happens if my device already has the latest detector and I try to update the detector engine from NSM?

    NSM will generate a warning, which states that the detector versions are the same.

  • How to update the detector version on IDP?

    For more information, refer to KB9773 - How to update the detector version on IDP.
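
An added example, not part of the Juniper article: a small audit helper that reads captured `scio getsystem` or `get system` output, extracts the detector version in either form shown above, and checks it against the compatibility table and the detector versions available in NSM. The function names, status strings, software-version strings and build numbers are assumptions constructed for illustration.

```python
import re

# Detector family (major.minor) per software release, from the article's table.
SUPPORTED_FAMILY = {
    "ScreenOS 6.3": "3.5", "ScreenOS 6.2": "3.5",
    "ScreenOS 6.1": "3.4", "ScreenOS 6.0": "3.4",
    "ScreenOS 5.4": "3.1", "ScreenOS 5.0": "3.1",
    "IDP 5.1": "5.1", "IDP 5.0": "5.0",
}

# Both forms shown in the article:
#   "Detector Version: x.x.xxxxx" (scio getsystem) and "detector.so x.x.xxxxx" (get system)
VERSION_RE = re.compile(
    r"(?:Detector Version:|detector\.so)\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)

def parse_detector_version(cli_output):
    """Return (major, minor, build) or None if no detector line is present."""
    m = VERSION_RE.search(cli_output)
    return tuple(int(g) for g in m.groups()) if m else None

def software_family(software):
    """Reduce e.g. 'ScreenOS 6.3.0r10' to the table key 'ScreenOS 6.3'."""
    m = re.match(r"\s*(ScreenOS|IDP)\s+(\d+\.\d+)", software)
    return f"{m.group(1)} {m.group(2)}" if m else None

def audit(software, cli_output, nsm_detectors):
    """Classify one device. nsm_detectors: version strings listed in NSM."""
    family = SUPPORTED_FAMILY.get(software_family(software))
    if family is None:
        return "unknown-software"
    running = parse_detector_version(cli_output)
    if running is None:
        return "detector-not-found"
    if f"{running[0]}.{running[1]}" != family:
        return "wrong-family"      # detector not supported on this release
    same_family = [v for v in (tuple(map(int, d.split("."))) for d in nsm_detectors)
                   if v[:2] == running[:2]]
    if same_family and max(same_family) > running:
        return "update-available"  # load the detector, then update the policy
    return "current"               # NSM would warn that the versions are the same

if __name__ == "__main__":
    # Constructed sample data, not real build numbers.
    nsm = ["3.5.100500", "3.4.90000", "5.1.110000"]
    isg_out = "IDP files version:\n\ndetector.so 3.5.100000\n"
    print(audit("ScreenOS 6.3.0r10", isg_out, nsm))
    print(audit("IDP 5.1", "Detector Version: 5.1.110000", nsm))
```
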