[j-nsp] SRX and http/https proxy
Benoit Plessis
b.plessis at doyousoft.com
Thu Dec 21 04:16:07 EST 2017
On 20/12/2017 23:00, Roger Wiklund wrote:
> You can download the latest signature here:
>
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB27038
>
> Try this:
>
> 1. unzip the file, then gunzip all gz files: gzip -d *.gz
> 2. copy all files to the device with scp: scp -r *
> root at ip:/var/db/idpd/sec-download/
> 3. request security idp security-package offline-download package-path
> /var/db/idpd/sec-download
> 4. request security idp security-package install
Interesting,
The package is very large however since it does contain everything, it
would need to filter out unecessary files,
not sure it would be really easier (to be done 'safely') than parsing
the xml file from the auto-upgrade url tho
as for the process you describe the "part 2" is my main concern (root
access on the SRX, no option to login with ssh pubkey), also need to be
done on both unit of the cluster.
As for part 3 my previous experiment seams to tell me that if you copy
the files on /var/db/idpd/sec-download then "request security idp
security-package offline-download package-path" isn't usefull,
however it does feel like "offline-download" could be used to skip the
root access copy of step 2, but there is little to no information of the
expected "package" format
More information about the juniper-nsp
mailing list