Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring a Proxy Server for License Updates

Requirements

• An M Series, MX Series, PTX Series, SRX Series device
• Junos OS Release 11.4 running on the device

Overview

In Junos OS Release 11.4 and later, you can download Juniper Networks license updates using a proxy server. This feature is supported on M Series and SRX Series devices. In earlier releases, downloading license updates was only possible by directly connecting to the Juniper Networks License Management System.

In an enterprise, there might be devices in a private network that might be restricted from connecting to the Internet directly for security reasons. In such scenarios, you can configure a proxy server in the private network to connect to the LMS and download the license updates, and have the routers or devices in the private network connect to the proxy server to download the licenses or license updates. In Figure 1, R0 is the router in the private network. P represents the proxy server and LMS represents the Juniper Networks License Management System.

Figure 1: Proxy Server Example

To enable this feature, you configure the device with details of the proxy server at the [edit system proxy] hierarchy level.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

1. Configure the proxy server IP address or hostname.
   [edit system proxy]user@hostR0# set server 192.168.1.10
2. Configure a port number (ranging from 0 through 65535) used to connect to the proxy server.
   [edit system proxy]user@hostR0# set port 3128
3. Configure the password as configured on the proxy server.
   [edit system proxy]user@R0# set password user123
4. Configure the username as configured on the proxy server.
   [edit system proxy]user@R0# set username user1
5. Configure trace options for licenses.
   [edit system license]user@R0# set traceoptions file license.loguser@R0# set traceoptions flag all

Results

From configuration mode, confirm your configuration by entering the show system command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the router, enter commit from configuration mode.

Verification

Confirm that the configuaration is working properly.

Verifying That the License Is Downloaded

Purpose

Verify that the license is downloaded using the proxy server.

Action

1. Delete the existing license using the request system license delete license-filename command.
2. Download the license using the request system license update command.
   user@R0> request system license update

   Request to automatically update license keys from https://ae1.juniper.net has been sent, use 'show system license' to check status.
   
   

3. Verify the license using the show system license command.
   user@R0> show system license

   License usage:
                                    Licenses     Licenses    Licenses    Expiry
     Feature name                       used    installed      needed
     av_key_kaspersky_engine               0            1           0
   2011-11-17 16:00:00 PST
     idp-sig                               1            1           0
   2011-11-17 16:00:00 PST
     ax411-wlan-ap                         0            2           0    permanent
   
   Licenses installed:
     License identifier: JUNOS282725
     License version: 2
     Valid for device: AG2909AA0014
     Features:
       av_key_kaspersky_engine - Kaspersky AV
         date-based, 2010-11-21 16:00:00 PST - 2011-11-17 16:00:00 PST
   
   

4. Check the system log file to verify that the license is downloaded using the proxy server.
   user@R0> show /var/log/license.log

   Nov 18 08:14:14 Received SIGHUP signal
   Nov 18 08:14:17 GRES not enabled.
   Nov 18 08:14:17 License download proxy server configured.
   Nov 18 08:14:17 License download proxy server: 192.168.1.10
   Nov 18 08:14:17 License download proxy server port: 3128
   Nov 18 08:14:17 License download proxy user name: user1
   Nov 18 08:14:17 License download proxy user password: xxx
   Nov 18 08:14:18 Access configuration autoupdate url: ae1.juniper.net
   Nov 18 08:14:18 Access configuration renew-before-expiration: 60 days
   Nov 18 08:14:18 Access configuration renew-interval: 1 hours
   Nov 18 08:16:53 Received SIGUSR1 signal, license download start...
   Nov 18 08:16:58 env HTTP_PROXY=http://192.168.1.10/
   Nov 18 08:16:58 env HTTP_PROXY_AUTH="basic:*:abc:xxx"
   HTTP_PROXY_AUTH="basic:*:user:<password>" /usr/sbin/license_fetch -o
   /tmp/license.keys.1053
   'https://ae1.juniper.net/junos/key_retrieval?serial=AG2909AA0014=11.4I'
   2> /tmp/license.status.1053
   Nov 18 08:17:03 /tmp/license.keys.1053                                 505 kB
   505 kBps