Example: Configuring a Proxy Server for License Updates
This example shows how to configure a proxy server to download Juniper Networks license updates.
This example uses the following hardware and software components:
An M Series, MX Series, PTX Series, or SRX Series device
Junos OS Release 11.4 running on the device
In Junos OS Release 11.4 and later, you can download Juniper Networks license updates using a proxy server. This feature is supported on M Series and SRX Series devices. In earlier releases, downloading license updates was only possible by directly connecting to the Juniper Networks License Management System.
In an enterprise, there might be devices in a private network that might be restricted from connecting to the Internet directly for security reasons. In such scenarios, you can configure a proxy server in the private network to connect to the LMS and download the license updates, and have the routers or devices in the private network connect to the proxy server to download the licenses or license updates. In Figure 1, R0 is the router in the private network. Proxy Server represents the proxy server, and LMS represents the Juniper Networks License Management System.
To enable this feature, you configure the device with details of the proxy server at the [edit system proxy] hierarchy level.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the  hierarchy level.
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the CLI User Guide.
To configure the proxy server properties on the device:
- Configure the proxy server IP address or hostname.[edit system proxy]user@hostR0# set server 192.168.1.10
- Configure a port number (ranging from 0 through 65535)
used to connect to the proxy server.[edit system proxy]user@hostR0# set port 3128
- Configure the password as configured on the proxy server.[edit system proxy]user@R0# set password user123
- Configure the username as configured on the proxy server.[edit system proxy]user@R0# set username user1
- Configure trace options for licenses.[edit system license]user@R0# set traceoptions file license.loguser@R0# set traceoptions flag all
From configuration mode, confirm your configuration by entering the show system command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
If you are done configuring the router, enter commit from configuration mode.
Confirm that the configuration is working properly.
Verifying That the License Is Downloaded
Verify that the license is downloaded using the proxy server.
- Delete the existing license using the request system license delete license-filename command.
- Download the license using the request system license
user@R0> request system license update
Request to automatically update license keys from https://devicex.example.com has been sent, use 'show system license' to check status.
- Verify the license using the show system license command.
user@R0> show system license
License usage: Licenses Licenses Licenses Expiry Feature name used installed needed av_key_kaspersky_engine 0 1 0 2011-11-17 16:00:00 PST idp-sig 1 1 0 2011-11-17 16:00:00 PST ax411-wlan-ap 0 2 0 permanent Licenses installed: License identifier: JUNOS282725 License version: 2 Valid for device: AG2909AA0014 Features: av_key_kaspersky_engine - Kaspersky AV date-based, 2010-11-21 16:00:00 PST - 2011-11-17 16:00:00 PST
- Check the system log file to verify that the license is
downloaded using the proxy server.
user@R0> show /var/log/license.log
Nov 18 08:14:14 Received SIGHUP signal Nov 18 08:14:17 GRES not enabled. Nov 18 08:14:17 License download proxy server configured. Nov 18 08:14:17 License download proxy server: 192.168.1.10 Nov 18 08:14:17 License download proxy server port: 3128 Nov 18 08:14:17 License download proxy user name: user1 Nov 18 08:14:17 License download proxy user password: xxx Nov 18 08:14:18 Access configuration autoupdate url: devicex.example.com Nov 18 08:14:18 Access configuration renew-before-expiration: 60 days Nov 18 08:14:18 Access configuration renew-interval: 1 hours Nov 18 08:16:53 Received SIGUSR1 signal, license download start... Nov 18 08:16:58 env HTTP_PROXY=http://192.168.1.10/ Nov 18 08:16:58 env HTTP_PROXY_AUTH="basic:*:abc:xxx" HTTP_PROXY_AUTH="basic:*:user:<password>" /usr/sbin/license_fetch -o /tmp/license.keys.1053 'https://devicex.example.com/junos/key_retrieval?serial=AG2909AA0014=11.4I' 2> /tmp/license.status.1053 Nov 18 08:17:03 /tmp/license.keys.1053 505 kB 505 kBps