Users with the tenant administrator role can install the active signature database on one or more devices. Signatures must be present on the device for application firewall or intrusion prevention system (IPS) features to be used. If you do not install the signature database on a device, the deployment of IPS profiles or application firewall will fail.
Before you install the signature database on the device, ensure that the IPS license is installed on the device. If the IPS license is not installed, only the application signatures will be installed when the signature database installation is triggered.
You can install the signature database on the following devices: NFX150, NFX250, SRX Series, and vSRX.
To install the active signature database:
- Select Administration > Signature Database.
The Signature Database page appears.
- Click Install Signatures.
The Install Signatures page appears displaying the signature database version and the devices on which you can install the signature database.
- Select the check boxes corresponding to the
devices on which you want to install the signature database.
You can also search for, filter, or sort the devices displayed in the table.
- From the Type field:
Select Run now to immediately trigger the installation of the signature database on the devices that you selected.
Select Schedule at a later time to install the signature database later and specify a date and time at which you want the installation to be triggered.
- Click OK.
If you specified that the database must be installed immediately, a job is triggered and in the Job Tasks page that appears, the tasks associated with the signature database installation are displayed. Click OK to exit and return to the Signature Database page.
If you specified that the database must be installed later, a job is created and you are returned to the Signature Database page. A confirmation message (with the job ID) is displayed at the top of the page.
After the signature database is installed successfully, you can deploy the firewall policy (that references IPS profiles or application signatures) on the device.