[j-nsp] SRX and http/https proxy

Benoit Plessis b.plessis at doyousoft.com
Thu Dec 14 06:58:02 EST 2017


Sorry, I lost Roger's mail, so this might bork the thread ..

> Two options on the top of my head:
>
> 1. Use Security Director, that will download the signature to the server
> and then push it to the device. (SD will also give you lots of other
> benefits/visibility)
> 2. Download the update to a web server the SRX can reach, then use
> offline-download "request security idp security-package offline-download
> package-path http://x/y"
>
> You can easily configure an event-option to run the update every night.
>
> set event-options generate-event daily time-of-day 01:00:00
> set event-options policy update_idp_package events daily
> set event-options policy update_idp_package then execute-commands command "request security idp security-package offline-download package-path http://x/y"

Hi,

Well, I found the "How to perform offline IDP and Application signature
database update in SRX"(*), which is three years old at least,
not very clear, and needs root (not super-user account) access to put
files directly in /var/db/idpd/...

* https://kb.juniper.net/InfoCenter/index?page=content&id=TN83

The documentation for "request security idp security-package
offline-download" suggests to
"Manually download the security package from the Juniper Security
Engineering portal. The package will have both IDP and application
package signatures." yet I wasn't able to find said package ...

By the way, JTAC answered this morning with said KB and a wonderful "It is
possible that the proxy method to not be standard. If this is the case,
I don't understand what are your expectation in regards to this."

> BTW stick with Junos 15.1X49-D120 for now. 17.4 or 18.1 will get full
> 15.1X49 feature parity.

OK, gone back to 15.1, thanks

