Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »


[SRX] How to update IDP Signature Database off-line  ( Easier way to do it )

https://kb.juniper.net/InfoCenter/index?page=content&id=KB32399&actp=METADATA

https://translate.google.com/translate?hl=en&sl=ja&tl=en&u=https%3A%2F%2Fcsps.hitachi-solutions.co.jp%2Fjuniper%2Ffaq%2Fsrx%2Futm%2Fidp_04.html

https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/SRX-IDP_Offline_SecurityPackage_update.pdf




check the signature id
which version installed
Netbox@SRX340-1-Rack104# run show services application-identification version
  Application package version: 534


Netbox@SRX340-1-Rack104# run show security idp security-package-version
  Attack database version:N/A(N/A)
  Detector version :12.6.160121210
  Policy template version :N/A


Check-server

and get the latest signature id

Check server
Netbox@SRX340-1-Rack104> request services application-identification download check-server
Download server URL: https://signatures.juniper.net/cgi-bin/index.cgi
Sigpack Version: 3161
Protobundle version: 1.380.0-60.105
Build Time: Jan 13 2019 23:05:04


Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)

application-identification
here
request services application-identification download status

https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz





idp folder

and

detector-capabilities

idp folder
% ls -al /var/db/idpd/sec-download/
total 1484
drwxr-xr-x  3 root  wheel     512 Dec 15  2017 .
drwxr-xr-x  7 root  wheel     512 Dec 15  2017 ..
-rw-r--r--  1 root  wheel  721970 Dec 15  2017 detector-capabilities.xml
drwxr-xr-x  2 root  wheel     512 Dec 15  2017 sub-download



more /var/db/idpd/sec-download/detector-capabilities.xml


application id folder

and

manifest.xml file

manifest.xml only xml.gz id files
% more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id"
    <id>application_groups.xml.gz</id>
    <id>application_groups2.xml.gz</id>
    <id>applications.xml.gz</id>
    <id>applications2.xml.gz</id>
    <id>contexts.xml.gz</id>
    <id>filters.xml.gz</id>
    <id>groups.xml.gz</id>
    <id>platforms.xml.gz</id>
    <id>products.xml.gz</id>
    <id>services.xml.gz</id>
    <id>SignatureUpdate.xml.gz</id>
    <id>templates.xml.gz</id>

determine the file to download
download file
!!!!!!!!  some web browser have some problem with the xml file >>>>>> using wget instead ( on powershell/windoes or linux ) !!!!!!!!!!!!!!


Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)

>>>>> Just change the Template ID, here 3161 <<<<<<<<

PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz


PS C:\Users\jkriker\Documents\script> ls


    Directory: C:\Users\jkriker\Documents\script


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----       16/04/2017     12:00                test1
d-----       17/04/2017     19:03                Test2
-a----       13/10/2018     13:28            466 napalm_config.py
-a----       16/04/2019     12:48        4269066 SignatureUpdate.xml.gz

Then put it in the /var/tmp folder


Also can be done like in the KB.

PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_ver
sion=&detector=12.6.160121210&from=&to=latest&type=update&sn=CY3016AF0008&release=150.2" -O SignatureUpdate.xml.gz

OLD: determine the file to download
Netbox@SRX340-1-Rack104> show security idp security-package-version
  Attack database version:N/A(N/A)
  Detector version :12.6.160121210  <<<<<<<<< installed 
  Policy template version :N/A

Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)


The latest one is:
Detector=12.6.160180509


https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160171124&from=&to=latest&type=offline

https://signatures.juniper.net/cgi-bin/index.cgi?
device=jsrx340&
adv_dev_info=&
feature=idp&
os=15.1&
build=49&
dfa=hs&detector=12.6.160171124&
from=&to=latest&type=offline



----------------------------------------------------------------------------------------------------
junos command to provide the answer

device=jsrx340&
os=15.1&
build=49&

Netbox@SRX340-1-Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]



idp offline-download
offline-download
Netbox@SRX340-1-Rack104> request security idp security-package offline-download ?
Possible completions:
  <[Enter]>            Execute this command
  package-path         Package path of the zipped security package
  status               Retrieve the status of offline package download operation
  |                    Pipe through a command


Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path ?
Possible completions:
  <package-path>       Package path of the zipped security package

















  • No labels