Page Comparison

...

compare the version installed and the latest version

Code Block

title	Check server

root@SRX340-1-Rack104> show security idp security-package-version


Attack database version:N/A(N/A)


Detector version :12.6.160121210


Policy template version :N/A




root@SRX340-1-Rack104> request security idp security-package download check-server


Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).


Version info:3162(Detector=12.6.160180509, Templates=3162)

Check-server

and get the latest signature id

Code Block

title	Check server

Netbox@SRX340-1-Rack104> request services 
Netbox@SRX340-1-Rack104> request services application-identification download check-server


Download server URL: https://signatures.juniper.net/cgi-bin/index.cgi
Sigpack Version: 3161
Protobundle version: 1.380.0-60.105 Build
Time: Jan 13 2019 23:05:04

Code Block

title	here
collapse	true

here


Netbox@SRX340-1-Rack104>
request
security
idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)

application-identification

Code Block

title	here
collapse	true

request services application-identification download status

https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz

idp folder

and

detector-capabilities

Code Block

title	idp folder
collapse	true

% ls -al /var/db/idpd/sec-download/
total 1484
drwxr-xr-x  3

idp folder

and

detector-capabilities

Code Block

title	idp folder
collapse	true

% ls -al /var/db/idpd/sec-download/
total 1484
drwxr-xr-x  3 root  wheel     512 Dec 15  2017 .
drwxr-xr-x  7 root  wheel     512 Dec 15  2017 .
drwxr-xr-x  7.
-rw-r--r--  1 root  wheel  721970   512 Dec 15  2017 ..
-rw-r--r--  1 root  wheel  721970 Dec 15  2017 detector-capabilities.xml
drwxr-xr-x  2 root  wheel     512 Dec 15  2017 sub-download



more /var/db/idpd/sec-download/detector-capabilities.xml

application id folder

and

manifest.xml file

Code Block

title	manifest.xml only xml.gz id files
collapse	true

% more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id"
    <id>application_groups.xml.gz</id>
    <id>application_groups2.xml.gz</id>
    <id>applications.xml.gz</id>
    <id>applications2.xml.gz</id>
    <id>contexts.xml.gz</id>
    <id>filters.xml.gz</id>
    <id>groups.xml.gz</id>
    <id>platforms.xml.gz</id>
    <id>products.xml.gz</id>
    <id>services.xml.gz</id>
    <id>SignatureUpdate.xml.gz</id>
    <id>templates.xml.gz</id>

Code Block

title	download manifest

 wget -O manifest.xml "https://signatures.juniper.net/xmlupdate/226/Manifest/3161/manifest.xml"


Also:
wget -O manifest.xml  "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160121210&from=&to=latest&type=manifest&sn=CY3016AF0008&release=150.2"



PS C:\Users\jkriker\Documents\script> ls


    Directory: C:\Users\jkriker\Documents\script


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       16/04/2019     13:46           5379 manifest.xml
-a----       16/04/2019     12:48        4269066 SignatureUpdate.xml.gz



PS C:\Users\jkriker\Documents\script\appid> more .\manifest.xml | grep "xml.gz</url>" | sed s/<url>// | sed s/<\/url>// | sed s/.*https/https/ > .\download-file-list.txt

PS C:\Users\jkriker\Documents\script\appid> more .\download-file-list.txt
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Contexts/3161/contexts.xml.gz
https://signatures.juniper.net/xmlupdate/226/Filters/3161/filters.xml.gz
https://signatures.juniper.net/xmlupdate/226/Groups/3161/groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/Platforms/3161/platforms.xml.gz
https://signatures.juniper.net/xmlupdate/226/Products/3161/products.xml.gz
https://signatures.juniper.net/xmlupdate/226/Services/3161/services.xml.gz
https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz
https://signatures.juniper.net/xmlupdate/226/Templates/3161/templates.xml.gz

determine the file to download

Code Block

title	download file

!!!!!!!!  some web browser have some problem with the xml file >>>>>> using wget instead ( on powershell/windoes or linux ) !!!!!!!!!!!!!!


Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)

>>>>> Just change
the
Template
ID, here 3161 <<<<<<<<

PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz


PS C:\Users\jkriker\Documents\script> ls


    Directory: C:\ ls


    Directory: C:\Users\jkriker\Documents\script


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----       16/04/2017     12:00                test1
d-----       17/04/2017     19:03                Test2
-a----       13/10/2018     13:28            466 napalm_config.py
-a----       16/04/2019     12:48        4269066 SignatureUpdateoffline-update.xml.gz

Then put it in the /var/tmp folder

PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210:/var/tmp/
Password:
Connected to 172.30.95.210.
Changing to: /var/tmp/

sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/tmp/SignatureUpdateoffline-update.xml.gz
SignatureUpdate.xml.gz                                                                             100% 4169KB 631.5KB/s   00:06

sftp> ls
SignatureUpdate.xml.gz    appidd_trace_debug        gres-tp                   install                   phone-home
pics                      policy_status             rtsdb                     sd-upgrade                sec-download
spu_kmd_init              usb                       vi.recover




Also can be done like in the KB.

PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_ver
sion=&detector=12.6.160121210&from=&to=latest&type=updateoffline&sn=CY3016AF0008&release=150.2" -O SignatureUpdateoffline-update.xml.gz

Code Block

title	sftp with powershell

PS C:\Users\jkriker\Documents\script> ls Directory: C:\Users\jkriker\Documents\script Mode LastWriteTime Length Name ---- ------------- ------ ---- d----- 16/04/2017 12:00 test1 d----- 17/04/2017 19:03 Test2 -a---- 13/10/2018 13:28 466 napalm_config.py -a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210 Password: Connected to 172.30.95.210. sftp> put SignatureUpdate.xml.gz Uploading SignatureUpdate.xml.gz to /cf/var/home/Netbox/SignatureUpdate.xml.gz SignatureUpdate.xml.gz 100% 4169KB 622.2KB/s 00:06 sftp> ls SignatureUpdate.xml.gz sftp> quit PS C:\Users\jkriker\Documents\script>

Code Block

title	OLD: determine the file to download
collapse	true

Netbox@SRX340-1-Rack104> show security idp security-package-version
  Attack database version:N/A(N/A)
  Detector version :12.6.160121210  <<<<<<<<< installed 
  Policy template version :N/A

Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)


The latest one is:
Detector=12.6.160180509


https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160171124&from=&to=latest&type=offline            <<<<<<< type= "offline"

https://signatures.juniper.net/cgi-bin/index.cgi?
device=jsrx340&
adv_dev_info=&
feature=idp&
os=15.1&
build=49&
dfa=hs&detector=12.6.160171124&
from=&to=latest&type=offline



----------------------------------------------------------------------------------------------------
junos command to provide the answer

device=jsrx340&
os=15.1&
build=49&

Netbox@SRX340-1-Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]

Image Removed

idp offline-download

1&
build=49&

Netbox@SRX340-1-Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]

Image Added

idp offline-download

Code Block

title	offline-download

Netbox@SRX340-1-Rack104> request security idp security-package offline-download ?
Possible completions:
  <[Enter]>            Execute this command
  package-path         Package path of the zipped security package
  status               Retrieve the status of offline package download operation
  |                    Pipe through a command


Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path ?
Possible completions:
  <package-path>       Package path of the zipped security package



Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path /cf/var/home/Netbox/

SignatureUpdate

offline-update.xml.gz
Will be processed in async mode. Check the status using the status checking CLI

Netbox@SRX340-1-Rack104> request security idp security-package offline-download status
Done;Signature package offline download Successful.

Netbox@SRX340-1-Rack104> request security idp security-package install

error: Security Package installation disabled temporarily due to invalid license. <<<<<<<<<<<<<<< Need install IDP license!!!!!


Netbox@SRX340-1-Rack104> request security idp security-package install status

Versions Compared

Old Version 2

New Version Current

Key