CLI Configuration

To manually download and update the signature database:

1. Download the security package. The security package includes the detector and the latest attack objects and groups.

   user@host> request security idp security-package download full-update

2. Update the attack database, the active policy, and the detector with the new package.

   user@host> request security idp security-package install

3. Check the attack database update status with the following command. The command output displays information about the downloaded and installed versions of attack database versions.

   user@host> request security idp security-package install status

4. Commit the configuration.
5. After committing the configuration, the attack objects and groups are available in the CLI under the predefined-attack-groups and predefined-attacks configuration statements at the [edit security idp idp-policy] hierarchy level.
6. Associate attack objects or attack object groups with the policy. The following statement associates the recommended attack object group Response_Critical-TELNET with policy1:

   user@host# set security idp idp-policy policy1 rulebase-ips rule rule1 match attacks predefined-attack-groups “Response_Critical - TELNET”

7. Activate the policy. The following statement makes policy1 the active policy on the device:

   user@host# set security idp active-policy policy1

8. Commit the configuration.
9. After a week, if you want to download only the updates that Juniper Networks has recently uploaded, use the following command:

   user@host> request security idp security-package download

10. Update the attack database, active policy, detector with the new changes:

    user@host> request security idp security-package install

11. If you are finished configuring the router, commit the configuration.
12. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.