
[SRX] How to update IDP Signature Database off-line ( Easier way to do it )

https://kb.juniper.net/InfoCenter/index?page=content&id=KB32399&actp=METADATA

...

https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/SRX-IDP_Offline_SecurityPackage_update.pdf




check the signature id


which version installed
Netbox@SRX340-1-Rack104# run show services application-identification version
  Application package version: 534


Netbox@SRX340-1-Rack104# run show security idp security-package-version
  Attack database version:N/A(N/A)
  Detector version :12.6.160121210
  Policy template version :N/A



Check-server and get the latest signature id

Netbox@SRX340-1-Rack104> request services application-identification download check-server
Download server URL: https://signatures.juniper.net/cgi-bin/index.cgi
Sigpack Version: 3161
Protobundle version: 1.380.0-60.105
Build Time: Jan 13 2019 23:05:04


Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)


application-identification and Download Server and sigpack version

root@SRX340-1-Rack104> show services application-identification status

Application Identification
 Status                            Enabled
 Sessions under app detection      0
 Max TCP session packet memory     0
 Force packet plugin               Disabled
 Force stream plugin               Disabled
 Statistics collection interval    1440 (in minutes)

Application System Cache
 Status                            Enabled
 Max Number of entries in cache    131072
 Cache timeout                     3600 (in seconds)

Protocol Bundle
 Download Server                   https://signatures.juniper.net/cgi-bin/index.cgi
 AutoUpdate                        Disabled
Slot 1:
 Application package version       0
 Status                            Free
 PB Version                        N/A
 Engine version                    N/A
 Sessions                          0


request services application-identification download status

https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz






idp folder and detector-capabilities

% ls -al /var/db/idpd/sec-download/
total 1484
drwxr-xr-x  3 root  wheel     512 Dec 15  2017 .
drwxr-xr-x  7 root  wheel     512 Dec 15  2017 ..
-rw-r--r--  1 root  wheel  721970 Dec 15  2017 detector-capabilities.xml
drwxr-xr-x  2 root  wheel     512 Dec 15  2017 sub-download



more /var/db/idpd/sec-download/detector-capabilities.xml



application id folder and manifest.xml file

manifest.xml only xml.gz id files
% more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id"
    <id>application_groups.xml.gz</id>
    <id>application_groups2.xml.gz</id>
    <id>applications.xml.gz</id>
    <id>applications2.xml.gz</id>
    <id>contexts.xml.gz</id>
    <id>filters.xml.gz</id>
    <id>groups.xml.gz</id>
    <id>platforms.xml.gz</id>
    <id>products.xml.gz</id>
    <id>services.xml.gz</id>
    <id>SignatureUpdate.xml.gz</id>
    <id>templates.xml.gz</id>


download manifest
 wget -O manifest.xml "https://signatures.juniper.net/xmlupdate/226/Manifest/3161/manifest.xml"


Also:
wget -O manifest.xml  "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160121210&from=&to=latest&type=manifest&sn=CY3016AF0008&release=150.2"



PS C:\Users\jkriker\Documents\script> ls


    Directory: C:\Users\jkriker\Documents\script


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       16/04/2019     13:46           5379 manifest.xml
-a----       16/04/2019     12:48        4269066 SignatureUpdate.xml.gz



PS C:\Users\jkriker\Documents\script\appid> more .\manifest.xml | grep "xml.gz</url>" | sed s/<url>// | sed s/<\/url>// | sed s/.*https/https/ > .\download-file-list.txt

PS C:\Users\jkriker\Documents\script\appid> more .\download-file-list.txt
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Contexts/3161/contexts.xml.gz
https://signatures.juniper.net/xmlupdate/226/Filters/3161/filters.xml.gz
https://signatures.juniper.net/xmlupdate/226/Groups/3161/groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/Platforms/3161/platforms.xml.gz
https://signatures.juniper.net/xmlupdate/226/Products/3161/products.xml.gz
https://signatures.juniper.net/xmlupdate/226/Services/3161/services.xml.gz
https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz
https://signatures.juniper.net/xmlupdate/226/Templates/3161/templates.xml.gz
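
The same extraction as the grep/sed pipeline above, as an added Python example (not part of the original notes), which also keeps only URLs that are HTTPS, on signatures.juniper.net, and under the expected sigpack version. The `<entry>` wrapper and the sample manifest text are constructed; only the `<id>` and `<url>` element names come from the page.

```python
import re
from urllib.parse import urlparse

ALLOWED_HOST = "signatures.juniper.net"

# Constructed sample: the first two URLs are from the list above, the last
# three are made-up entries that the checks below are expected to reject.
SAMPLE_MANIFEST = """
<manifest>
 <entry><id>filters.xml.gz</id>
  <url>https://signatures.juniper.net/xmlupdate/226/Filters/3161/filters.xml.gz</url></entry>
 <entry><id>application_groups2.xml.gz</id>
  <url> https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz </url></entry>
 <entry><id>groups.xml.gz</id>
  <url>http://signatures.juniper.net/xmlupdate/226/Groups/3161/groups.xml.gz</url></entry>
 <entry><id>products.xml.gz</id>
  <url>https://mirror.example.net/xmlupdate/226/Products/3161/products.xml.gz</url></entry>
 <entry><id>services.xml.gz</id>
  <url>https://signatures.juniper.net/xmlupdate/226/Services/3160/services.xml.gz</url></entry>
</manifest>
"""


def download_list(manifest_text, sigpack):
    """Return (accepted, rejected) lists of the <url> values in a manifest."""
    path_re = re.compile(
        rf"/xmlupdate/\d+/\w+/{re.escape(str(sigpack))}/[\w.]+\.xml\.gz")
    accepted, rejected = [], []
    for raw in re.findall(r"<url>\s*(.*?)\s*</url>", manifest_text, re.S):
        u = urlparse(raw)
        ok = (u.scheme == "https"
              and u.hostname == ALLOWED_HOST
              and u.port is None            # default 443 only
              and not u.query
              and path_re.fullmatch(u.path) is not None)
        (accepted if ok else rejected).append(raw)
    return accepted, rejected


if __name__ == "__main__":
    good, bad = download_list(SAMPLE_MANIFEST, 3161)
    print("\n".join(good))                  # contents for download-file-list.txt
    for url in bad:
        print("skipped:", url)
```
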



determine the file to download


download file
!!!!!!!!  some web browsers have problems with the xml file >>>>>> use wget instead ( on powershell/windows or linux ) !!!!!!!!!!!!!!


Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)

>>>>> Just change the Template ID, here 3161 <<<<<<<<

PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz


PS C:\Users\jkriker\Documents\script> ls


    Directory: C:\Users\jkriker\Documents\script


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----       16/04/2017     12:00                test1
d-----       17/04/2017     19:03                Test2
-a----       13/10/2018     13:28            466 napalm_config.py
-a----       16/04/2019     12:48        4269066 SignatureUpdate.xml.gz

Then put it in the /var/tmp folder

PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210:/var/tmp/
Password:
Connected to 172.30.95.210.
Changing to: /var/tmp/

sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/tmp/SignatureUpdate.xml.gz
SignatureUpdate.xml.gz                                    100% 4169KB 631.5KB/s   00:06

sftp> ls
SignatureUpdate.xml.gz    appidd_trace_debug        gres-tp                   install
phone-home                pics                      policy_status             rtsdb
sd-upgrade                sec-download              spu_kmd_init              usb
vi.recover




It can also be done as in the KB.

PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_version=&detector=12.6.160121210&from=&to=latest&type=update&sn=CY3016AF0008&release=150.2" -O SignatureUpdate.xml.gz



OLD: determine the file to download
Netbox@SRX340-1-Rack104> show security idp security-package-version
  Attack database version:N/A(N/A)
  Detector version :12.6.160121210  <<<<<<<<< installed 
  Policy template version :N/A

Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)


The latest one is:
Detector=12.6.160180509


https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160171124&from=&to=latest&type=offline

https://signatures.juniper.net/cgi-bin/index.cgi?
device=jsrx340&
adv_dev_info=&
feature=idp&
os=15.1&
build=49&
dfa=hs&detector=12.6.160171124&
from=&to=latest&type=offline



----------------------------------------------------------------------------------------------------
junos command to provide the answer

device=jsrx340&
os=15.1&
build=49&

Netbox@SRX340-1-Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]





idp offline-download


sftp with powershell
PS C:\Users\jkriker\Documents\script> ls


    Directory: C:\Users\jkriker\Documents\script


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----       16/04/2017     12:00                test1
d-----       17/04/2017     19:03                Test2
-a----       13/10/2018     13:28            466 napalm_config.py
-a----       16/04/2019     12:48        4269066 SignatureUpdate.xml.gz


PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210
Password:
Connected to 172.30.95.210.
sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/home/Netbox/SignatureUpdate.xml.gz
SignatureUpdate.xml.gz                                                                                                                        100% 4169KB 622.2KB/s   00:06
sftp> ls
SignatureUpdate.xml.gz
sftp> quit
PS C:\Users\jkriker\Documents\script>


offline-download
Netbox@SRX340-1-Rack104> request security idp security-package offline-download ?
Possible completions:
  <[Enter]>            Execute this command
  package-path         Package path of the zipped security package
  status               Retrieve the status of offline package download operation
  |                    Pipe through a command


Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path ?
Possible completions:
  <package-path>       Package path of the zipped security package



Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path /cf/var/home/Netbox/SignatureUpdate.xml.gz
Will be processed in async mode. Check the status using the status checking CLI

Netbox@SRX340-1-Rack104> request security idp security-package offline-download status
Done;Signature package offline download Successful.

Netbox@SRX340-1-Rack104> request security idp security-package install
error: Security Package installation disabled temporarily due to invalid license.  <<<<<<<<<<<<<<< Need to install the IDP license!!!!!