Related Documentation
- J Series
- IDP Policies Overview
- Understanding IDP Policy Rulebases
- Understanding IDP Policy Rules
- Understanding Predefined IDP Policy Templates
- Understanding the IDP Signature Database Version
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Adding a Detector Sensor Configuration (J-Web)
- SRX Series
- IDP Policies Overview
- Understanding IDP Policy Rulebases
- Understanding IDP Policy Rules
- Understanding Predefined IDP Policy Templates
- Understanding the IDP Signature Database Version
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Adding a Detector Sensor Configuration (J-Web)
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding the IDP Signature Database
The signature database is one of the major components of Intrusion Detection and Prevention (IDP). It contains definitions of different objects—such as attack objects, application signatures objects, and service objects—that are used in defining IDP policy rules. As a response to new vulnerabilities, Juniper Networks periodically provides a file containing attack database updates on the Juniper website. You can download this file to protect your network from new threats.
 | Note: IDP feature is enabled by default, no license is required. Custom attacks and custom attack groups in IDP policies can also be configured and installed even when a valid license and signature database are not installed on the device. |
The IDP signature database is stored on the IDP enabled device and contains definitions of predefined attack objects and groups. These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups as match conditions in IDP policy rules.
| Note:
You must install the IDP signature-database-update license
key on your device for downloading and installing daily signature
database updates provided by Juniper Networks. The
IDP signature license key does not provide grace period support. For
license details, see the Junos OS Initial Configuration Guide for Security Devices |
You can perform the following tasks to manage the IDP signature database:
- Update the signature database—Download the attack database updates available on the Juniper Networks website. New attacks are discovered daily, so it is important to keep your signature database up to date.
- Verify the signature database version—Each signature database has a different version number with the latest database having the highest number. You can use the CLI to display the signature database version number.
- Update the protocol detector engine—You can download the protocol detector engine updates along with downloading the signature database. The IDP protocol detector contains Application Layer protocol decoders. The detector is coupled with the IDP policy and is updated together. It is always needed at policy update time, even if there is no change in the detector.
- Schedule signature database updates—You can configure the IDP-enabled device to automatically update the signature database after a set interval.
Related Documentation
- J Series
- IDP Policies Overview
- Understanding IDP Policy Rulebases
- Understanding IDP Policy Rules
- Understanding Predefined IDP Policy Templates
- Understanding the IDP Signature Database Version
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Adding a Detector Sensor Configuration (J-Web)
- SRX Series
- IDP Policies Overview
- Understanding IDP Policy Rulebases
- Understanding IDP Policy Rules
- Understanding Predefined IDP Policy Templates
- Understanding the IDP Signature Database Version
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Adding a Detector Sensor Configuration (J-Web)
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
