TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Example: Updating the Signature Database Automatically

This example shows how to download signature database updates automatically.

Requirements

Before you begin, configure network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices .

Overview

Juniper Networks regularly updates the predefined attack database and makes it available as a security package on the Juniper Networks website. This database includes attack object and attack object groups that you can use in IDP policies to match traffic against known attacks. You can configure your device to download the signature database updates automatically at a specified interval.

In this example, you download the security package with the complete table of attack objects and attack object groups every 48 hours, starting at 11:59 p.m. on December 10. You also enable an automatic download and update of the security package.

Configuration

Step-by-Step Procedure

To download and update the predefined attack objects:

Specify the URL for the security package.
[edit]user@host# set security idp security-package url https://services.netscreen.com/cgi-bin/index.cgi
Note: By default it will take URL as https://services.netscreen.com/cgi-bin/index.cgi.
Specify the time, interval and download timeout value for the download.
[edit]user@host# set security idp security-package automatic interval 48 download-timeout 3 start-time 2009-12-10.23:59:00
Enable the automatic download and update of the security package.
[edit]user@host# set security idp security-package automatic enable
If you are done configuring the device, commit the configuration.
[edit]user@host# commit

Verification

To verify the configuration is working properly, enter the show security idp command.