[SRX] How to update IDP Signature Database off-line ( Easier way to do it )
https://kb.juniper.net/InfoCenter/index?page=content&id=KB32399&actp=METADATA
check the signature id | which version installed Netbox@SRX340-1-Rack104# run show services application-identification version Application package version: 534 Netbox@SRX340-1-Rack104# run show security idp security-package-version Attack database version:N/A(N/A) Detector version :12.6.160121210 Policy template version :N/A |
Check-server and get the latest signature id | Check server Netbox@SRX340-1-Rack104> request services application-identification download check-server Download server URL: https://signatures.juniper.net/cgi-bin/index.cgi Sigpack Version: 3161 Protobundle version: 1.380.0-60.105 Build Time: Jan 13 2019 23:05:04 Netbox@SRX340-1-Rack104> request security idp security-package download check-server Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi). Version info:3161(Detector=12.6.160180509, Templates=3161) |
application-identification | |
idp folder and detector-capabilities | idp folder % ls -al /var/db/idpd/sec-download/ total 1484 drwxr-xr-x 3 root wheel 512 Dec 15 2017 . drwxr-xr-x 7 root wheel 512 Dec 15 2017 .. -rw-r--r-- 1 root wheel 721970 Dec 15 2017 detector-capabilities.xml drwxr-xr-x 2 root wheel 512 Dec 15 2017 sub-download more /var/db/idpd/sec-download/detector-capabilities.xml |
application id folder and manifest.xml file | manifest.xml only xml.gz id files % more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id" <id>application_groups.xml.gz</id> <id>application_groups2.xml.gz</id> <id>applications.xml.gz</id> <id>applications2.xml.gz</id> <id>contexts.xml.gz</id> <id>filters.xml.gz</id> <id>groups.xml.gz</id> <id>platforms.xml.gz</id> <id>products.xml.gz</id> <id>services.xml.gz</id> <id>SignatureUpdate.xml.gz</id> <id>templates.xml.gz</id> |
determine the file to download | download file !!!!!!!! some web browser have some problem with the xml file >>>>>> using wget instead ( on powershell/windoes or linux ) !!!!!!!!!!!!!! Netbox@SRX340-1-Rack104> request security idp security-package download check-server Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi). Version info:3161(Detector=12.6.160180509, Templates=3161) >>>>> Just change the Template ID, here 3161 <<<<<<<< PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz PS C:\Users\jkriker\Documents\script> ls Directory: C:\Users\jkriker\Documents\script Mode LastWriteTime Length Name ---- ------------- ------ ---- d----- 16/04/2017 12:00 test1 d----- 17/04/2017 19:03 Test2 -a---- 13/10/2018 13:28 466 napalm_config.py -a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz Then put it in the /var/tmp folder Also can be done like in the KB. PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_ver sion=&detector=12.6.160121210&from=&to=latest&type=update&sn=CY3016AF0008&release=150.2" -O SignatureUpdate.xml.gz |
idp offline-download | offline-download Netbox@SRX340-1-Rack104> request security idp security-package offline-download ? Possible completions: <[Enter]> Execute this command package-path Package path of the zipped security package status Retrieve the status of offline package download operation | Pipe through a command Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path ? Possible completions: <package-path> Package path of the zipped security package |