Example: Updating the IDP Signature Database Manually (CLI)

Before you begin, configure network interfaces. See the JUNOS Software Interfaces Configuration Guide for Security Devices.

The configuration instructions in this topic describe how to download the security package with the complete table of attack objects and attack object groups, create a policy, and specify the new policy as the active policy. This example then describes how to download only the updates that Juniper Networks has recently uploaded and then update the attack database, running policy, and detector with these new updates.

To manually download and update the signature database:

  1. Download the security package. The security package includes the detector and the latest attack objects and groups.
    user@host> request security idp security-package download full-update
  2. Update the attack database, the active policy, and the detector with the new package.
    user@host> request security idp security-package install
  3. Check the attack database update status with the following command. The command output displays the downloaded and installed versions of the attack database.
    user@host> request security idp security-package install status
  4. Commit the configuration.
  5. After committing the configuration, the attack objects and groups are available in the CLI under the predefined-attack-groups and predefined-attacks configuration statements at the [edit security idp idp-policy] hierarchy level.
  6. Associate attack objects or attack object groups with the policy. The following statement associates the recommended attack object group Response_Critical-TELNET with policy1:
    user@host# set security idp idp-policy policy1 rulebase-ips rule rule1 match attacks predefined-attack-groups "Response_Critical - TELNET"
  7. Activate the policy. The following statement makes policy1 the active policy on the device:
    user@host# set security idp active-policy policy1
  8. Commit the configuration.
  9. After a week, if you want to download only the updates that Juniper Networks has recently uploaded, use the following command:
    user@host> request security idp security-package download
  10. Update the attack database, active policy, and detector with the new changes:
    user@host> request security idp security-package install
  11. If you are finished configuring the device, commit the configuration.
  12. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.
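
A check for the install status steps above, as an added example that is not part of the original Juniper topic: the Python below parses captured output of the install status command and reports success only when every stage succeeded, so a failed data-plane update is not mistaken for a current signature set. The sample output is constructed and its layout is an assumption that may differ between releases; the function names are hypothetical.

```python
import re

# Constructed samples of `request security idp security-package install status`
# output. The layout is an assumption; adjust the patterns to your release.
SAMPLE_OK = """\
Done;Attack DB update : successful - [UpdateNumber=1152,ExportDate=Thu Mar 6 15:14:42 2008,Detector=9.1.140080300]
     Updating control-plane with new detector : successful
     Updating data-plane with new attack or detector : successful
"""
SAMPLE_PARTIAL = SAMPLE_OK.replace(
    "data-plane with new attack or detector : successful",
    "data-plane with new attack or detector : failed",
)

# One "<stage> : <result>" pair per line; only the first colon on a line counts,
# so the colons inside ExportDate are ignored.
STAGE_RE = re.compile(
    r"^[ \t]*(?:Done;)?(?P<stage>[^:\[\n]+?)\s*:\s*(?P<result>\w+)", re.M
)
UPDATE_RE = re.compile(r"UpdateNumber=(\d+)")


def parse_install_status(text):
    """Return (done, stages, update_number) parsed from the status text."""
    done = text.lstrip().startswith("Done;")
    stages = {m["stage"]: m["result"].lower() for m in STAGE_RE.finditer(text)}
    m = UPDATE_RE.search(text)
    return done, stages, (int(m.group(1)) if m else None)


def install_ok(text, min_update=None):
    """True only if the install finished and every stage reported success.

    min_update (optional) rejects an installed package older than expected.
    """
    done, stages, update = parse_install_status(text)
    if not done or not stages:
        return False
    if any(result != "successful" for result in stages.values()):
        return False
    if min_update is not None and (update is None or update < min_update):
        return False
    return True


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("partial", SAMPLE_PARTIAL)):
        print(name, install_ok(sample), parse_install_status(sample)[2])
```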
