[j-nsp] SRX and http/https proxy

Roger Wiklund roger.wiklund at gmail.com
Wed Dec 20 17:00:07 EST 2017


You can download the latest signature here:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB27038

Try this:

1. unzip the file, then gunzip all gz files: gzip -d *.gz
2. copy all files to the device with scp: scp -r * root@ip:/var/db/idpd/sec-download/
3. request security idp security-package offline-download package-path /var/db/idpd/sec-download
4. request security idp security-package install

I have not tried this myself but I think it should work =)

On Thu, Dec 14, 2017 at 12:58 PM, Benoit Plessis <b.plessis at doyousoft.com>
wrote:

> Sorry I lost Roger's mail so this might bork the thread ..
>
> Two options on the top of my head:
>
> 1. Use Security Director, that will download the signature to the server
> and then push it to the device. (SD will also give you lots of other
> benefits/visibility)
> 2. Download the update to a web server the SRX can reach, then use
> offline-download "request security idp security-package offline-download
> package-path http://x/y"
>
> You can easily configure an event-option to run the update every night.
>
> set event-options generate-event daily time-of-day 01:00:00
> set event-options policy update_idp_package events daily
> set event-options policy update_idp_package then execute-commands command "request security idp security-package offline-download package-path http://x/y"
>
>
> Hi,
>
> Well I found the "How to perform offline IDP and Application signature
> database update in SRX"(*) which is three years old at least,
> not very clear and needs root (not super-user account) access to put files
> directly in /var/db/idpd/...
>
> * https://kb.juniper.net/InfoCenter/index?page=content&id=TN83
>
> The documentation for "request security idp security-package
> offline-download" suggests to
> "Manually download the security package from the Juniper Security
> Engineering portal. The package will have both IDP and application package
> signatures." yet I wasn't able to find said package ...
>
> By the way JTAC answered this morning with said KB and a wonderful "It is
> possible that the proxy method to not be standard. If this is the case, I
> don't understand what are your expectation in regards to this."
>
> BTW stick with Junos 15.1X49-D120 for now. 17.4 or 18.1 will get full
> 15.1X49 feature parity.
>
>
> Ok, gone back to 15.1 thanks
>

