Juniper Networks regularly updates the predefined attack database
and makes it available on the Juniper Networks website. This database
includes attack object groups that you can use in IDP policies to
match traffic against known attacks. You can configure your device
to download the signature database updates automatically at a specified
interval.
The configuration instructions in this topic describe how to
download the security package with the complete table of attack objects
and attack object groups every 48 hours starting at 11:59 pm on December
10.
You can use either J-Web or the CLI configuration editor to
update the signature database automatically.
Specify the URL for the security package. The
security package includes the detector and the latest attack objects
and groups. The following statement specifies http://sec-pack.juniper.net as the URL for downloading signature database updates:
user@host# set security idp security-package
url http://sec-pack.juniper.net
Specify the time and interval for download.
The following statement sets the interval as 48 hours and
the start time as 11:59 pm on December 10:
user@host# set security idp security-package
automatic interval 48 start-time 12-10.23:59
Enable an automatic download and update
of the security package.
user@host# set security idp security-package
automatic enable
If you are finished configuring the router,
commit the configuration.
From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more
information, see the JUNOS Software CLI Reference.
