[SRX] How to update IDP Signature Database off-lineĀ ( Easier way to do it )
https://kb.juniper.net/InfoCenter/index?page=content&id=KB32399&actp=METADATA
...
https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/SRX-IDP_Offline_SecurityPackage_update.pdf
|
|
|---|
| check the signature id |
| Code Block |
|---|
| title | which version installed |
|---|
| Netbox@SRX340-1-Rack104# run show services application-identification version
Application package version: 534
Netbox@SRX340-1-Rack104# run show security idp security-package-version
Attack database version:N/A(N/A)
Detector version :12.6.160121210
Policy template version :N/A
|
|
Check-server and get the latest signature id |
| Code Block |
|---|
| Netbox@SRX340-1-Rack104> request services application-identification download check-server
Download server URL: https://signatures.juniper.net/cgi-bin/index.cgi
Sigpack Version: 3161
Protobundle version: 1.380.0-60.105
Build Time: Jan 13 2019 23:05:04
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
|
|
application-identification and Download Server and sigpack version |
|
requestroot@SRX340-1-Rack104> show services application-identification |
|
download status
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz status
Application Identification
Status |
|
idp folder and detector-capabilities | | Code Block |
|---|
| title | idp folder |
|---|
| collapse | true |
|---|
|
%ls-al/var/db/idpd/sec-download/total1484drwxr-xr-x3rootwheel512Dec152017.
drwxr-xr-x 7 root wheelSessions under app detection 0
|
|
512 Dec 15Max TCP session packet memory |
|
2017..
-rw-r--r--1rootwheel721970Dec152017detector-capabilities.xmldrwxr-xr-x2rootwheel512Dec152017sub-downloadmore /var/db/idpd/sec-download/detector-capabilities.xml
application id folder and manifest.xml file | | Code Block |
|---|
| title | manifest.xml only xml.gz id files |
|---|
| collapse | true |
|---|
|
% more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id"
<id>application_groups.xml.gz</id>
<id>application_groups2.xml.gz</id>
<id>applications.xml.gz</id>
<id>applications2.xml.gz</id>
<id>contexts.xml.gz</id>
<id>filters.xml.gz</id>
<id>groups.xml.gz</id>
<id>platforms.xml.gz</id>
<id>products.xml.gz</id>
<id>services.xml.gz</id>
<id>SignatureUpdate.xml.gz</id>
<id>templates.xml.gz</id>
|
determine the file to download | | Code Block |
|---|
|
!!!!!!!! some web browser have some problem with the xml file >>>>>> using wget instead ( on powershell/windoes or linux ) !!!!!!!!!!!!!!
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from( Disabled
Statistics collection interval 1440 (in minutes)
Application System Cache
Status Enabled
Max Number of entries in cache 131072
Cache timeout 3600 (in seconds)
Protocol Bundle
Download Server https://signatures.juniper.net/cgi-bin/index.cgi |
|
).Version info:3161(Detector=12.6.160180509, Templates=3161)
>>>>> Just change the Template ID, here 3161 <<<<<<<<
PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode AutoUpdate Disabled
Slot 1:
Application package version 0
Status |
|
LastWriteTimeLengthName---------------------------d-----1604/201712:00 test1
d-----17/04/201719:03Test2-a----13/10/2018 13:28 services application-identification download status
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz
|
|
idp folder and detector-capabilities |
| Code Block |
|---|
| title | idp folder |
|---|
| collapse | true |
|---|
| % ls |
|
466 napalm_config.py
-a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz
Then put it in the /var/tmp folder
Also can be done like in the KB.
PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_ver
sion=&detector=12.6.160121210&from=&to=latest&type=update&sn=CY3016AF0008&release=150.2" -O SignatureUpdate.xml.gz
| Code Block |
|---|
| title | OLD: determine the file to download |
|---|
| collapse | true |
|---|
|
Netbox@SRX340-1-Rack104> show security idp security-package-version
Attack database version:N/A(N/A)
Detector version :12.6.160121210 <<<<<<<<< installed
Policy template version :N/A
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
The latest one is:
Detector=12.6.160180509
https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160171124&from=&to=latest&type=offline
https://signatures.juniper.net/cgi-bin/index.cgi?
device=jsrx340&
adv_dev_info=&
feature=idp&
os=15.1&
build=49&
dfa=hs&detector=12.6.160171124&
from=&to=latest&type=offline
--------------------------------------------------------------------------al /var/db/idpd/sec-download/
total 1484
drwxr-xr-x 3 root wheel 512 Dec 15 2017 .
drwxr-xr-x 7 root wheel 512 Dec 15 2017 ..
-rw-r--r-- 1 root wheel 721970 Dec 15 2017 detector-capabilities.xml
drwxr-xr-x 2 root wheel 512 Dec 15 2017 sub-download
more /var/db/idpd/sec-download/detector-capabilities.xml
|
|
application id folder and manifest.xml file |
| Code Block |
|---|
| title | manifest.xml only xml.gz id files |
|---|
| collapse | true |
|---|
| % more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id"
<id>application_groups.xml.gz</id>
<id>application_groups2.xml.gz</id>
<id>applications.xml.gz</id>
<id>applications2.xml.gz</id>
<id>contexts.xml.gz</id>
<id>filters.xml.gz</id>
<id>groups.xml.gz</id>
<id>platforms.xml.gz</id>
<id>products.xml.gz</id>
<id>services.xml.gz</id>
<id>SignatureUpdate.xml.gz</id>
<id>templates.xml.gz</id>
|
| Code Block |
|---|
| wget -O manifest.xml "https://signatures.juniper.net/xmlupdate/226/Manifest/3161/manifest.xml"
Also:
wget -O manifest.xml "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160121210&from=&to=latest&type=manifest&sn=CY3016AF0008&release=150.2"
PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 16/04/2019 13:46 5379 manifest.xml
-a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script\appid> more .\manifest.xml | grep "xml.gz</url>" | sed s/<url>// | sed s/<\/url>// | sed s/.*https/https/ > .\download-file-list.txt
PS C:\Users\jkriker\Documents\script\appid> more .\download-file-list.txt
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Contexts/3161/contexts.xml.gz
https://signatures.juniper.net/xmlupdate/226/Filters/3161/filters.xml.gz
https://signatures.juniper.net/xmlupdate/226/Groups/3161/groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/Platforms/3161/platforms.xml.gz
https://signatures.juniper.net/xmlupdate/226/Products/3161/products.xml.gz
https://signatures.juniper.net/xmlupdate/226/Services/3161/services.xml.gz
https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz
https://signatures.juniper.net/xmlupdate/226/Templates/3161/templates.xml.gz
|
|
| determine the file to download |
| Code Block |
|---|
| !!!!!!!! some web browser have some problem with the xml file >>>>>> using wget instead ( on powershell/windoes or linux ) !!!!!!!!!!!!!!
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
>>>>> Just change the Template ID, here 3161 <<<<<<<<
PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 16/04/2017 12:00 test1
d----- 17/04/2017 19:03 Test2
-a---- 13/10/2018 13:28 466 napalm_config.py
-a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz
Then put it in the /var/tmp folder
PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210:/var/tmp/
Password:
Connected to 172.30.95.210.
Changing to: /var/tmp/
sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/tmp/SignatureUpdate.xml.gz
SignatureUpdate.xml.gz 100% 4169KB 631.5KB/s 00:06
sftp> ls
SignatureUpdate.xml.gz appidd_trace_debug gres-tp install phone-home
pics policy_status rtsdb sd-upgrade sec-download
spu_kmd_init usb vi.recover
Also can be done like in the KB.
PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_ver
sion=&detector=12.6.160121210&from=&to=latest&type=update&sn=CY3016AF0008&release=150.2" -O SignatureUpdate.xml.gz
|
| Code Block |
|---|
| title | OLD: determine the file to download |
|---|
| collapse | true |
|---|
| Netbox@SRX340-1-Rack104> show security idp security-package-version
Attack database version:N/A(N/A)
Detector version :12.6.160121210 <<<<<<<<< installed
Policy template version :N/A
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
The latest one is:
Detector=12.6.160180509
https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160171124&from=&to=latest&type=offline
https://signatures.juniper.net/cgi-bin/index.cgi?
device=jsrx340&
adv_dev_info=&
feature=idp&
os=15.1&
build=49&
dfa=hs&detector=12.6.160171124&
from=&to=latest&type=offline
----------------------------------------------------------------------------------------------------
junos command to provide the answer
device=jsrx340&
os=15.1&
build=49&
Netbox@SRX340-1-Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]
|
 Image Added
|
| idp offline-download |
| Code Block |
|---|
| title | sftp with powershell |
|---|
| PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode LastWriteTime Length Name
---- ------------- ------ ----
d--- |
|
-
junos command to provide the answer
device=jsrx340&
os=15.1&
build=49&
Netbox@SRX3401Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]
Image Removed
idp offline-download | | Code Block |
|---|
| title | sftp with powershell |
|---|
|
PS C:\Users\jkriker\Documents\script> lsDirectory: C:\Users\jkriker\Documents\script
Mode test1
d----- 17/04/2017 19:03 |
|
LastWriteTimeLengthName ------------------- ----
d-466 napalm_config.py
-a---- 16/04/ |
|
2017:00 test1
d-----:48 4269066 SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210
Password:
Connected to 172.30.95.210.
sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/home/Netbox/SignatureUpdate.xml.gz
SignatureUpdate.xml.gz |
|
17/04/201719:03Test2-a----13/10/201813:28466napalm_config.py-a----16/04/201912:484269066SignatureUpdate.xml.gzPSC:\Users\jkriker\Documents\script>sftpNetbox@172.30.95.210Password:Connectedto172.30.95.210.sftp>putSignatureUpdate.xml.gzUploadingSignatureUpdate.xml.gzto/cf/var/home/Netbox/SignatureUpdate.xml.gzSignatureUpdate.xml.gz 100% 4169KB 622.2KB/s 00:06
sftp> ls
SignatureUpdate.xml.gz
sftp> quit
PS C:\Users\jkriker\Documents\script> |
| Code Block |
|---|
| Netbox@SRX340-1-Rack104> request security idp security-package offline-download ?
Possible completions:
<[Enter]> Execute |
|
this command
package-path Package path of the zipped security package
status Retrieve the status of offline package download operation
| |
|
100%4169KB622.2KB/s00:06sftp>lsSignatureUpdate.xml.gzsftp>quitPS C:\Users\jkriker\Documents\script>| Code Block |
|---|
|
a command
Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path ?
Possible completions:
|
|
<[Enter]> Execute this command
package-path Package path of the zipped security package
|
|
status Retrieve the status of offline package download operation
| Pipe through a command
Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path /cf/var/home/Netbox/SignatureUpdate.xml.gz
Will be processed in async mode. Check the status using the status checking CLI
Netbox@SRX340-1-Rack104> request security idp security-package offline-download status
Done;Signature package offline download Successful.
Netbox@SRX340-1-Rack104> request security idp security-package |
|
offline-download package-path ?
Possible completionsinstall
error: Security Package |
|
<package-path>installation disabled temporarily due to invalid license. |
|
Packagepathofthezipped security package