Attack Object Database Overview

 

The Attack Object option is only available on some security devices. Use the Attack Database option to configure a database that contains all the predefined attack objects, organized into attack object groups by protocol and severity level.

Juniper Networks stores the attack object database on the attack object update server at https://services.netscreen.com/restricted/sigupdates. To gain access to the attack object update server, you must first obtain an attack object update subscription for your security device.

After you have obtained a subscription, you must update the attack object database on the GUI server and managed device. The update process differs slightly between devices running ScreenOS 5.1 and later and devices running ScreenOS 5.0; for details, see the “Managing Devices” section of the Network and Security Manager Administration Guide.

For all devices, the attack object database on the managed device must match the version of the attack object database on the GUI server. If the databases do not match, a validation icon appears next to the Attack Database Version setting, and the Disable Attack option does not appear in the device navigation tree.

To use the predefined attack objects, create a DI Profile object that references specific attack object groups and configure a firewall rule to use that profile object.

To configure the attack object database:

  • Specify the URL of the attack object database server. NSM downloads the latest version of the attack object database from https://services.netscreen.com/restricted/sigupdates.

    • When you update the attack object database for a device running ScreenOS 5.0.x or later, the device connects to this URL and downloads the latest database version.

    • When you update the attack object database for a device running ScreenOS 5.1 and later, the management system automatically connects to the URL specified in the UI Preferences and downloads the new database version to the GUI server. ScreenOS 5.1 and later devices do not contact the Attack Object Database server URL directly.

    • You can update the DI patterns from a proxy server (ScreenOS 6.2 devices or later). This update does not require Internet connectivity and is done offline. You cannot configure an HTTPS proxy, because you cannot cache an HTTPS proxy. You can update the DI patterns only if you have disabled the deep inspection package selection.

  • Specify the mode for checking and updating the database (ScreenOS 5.0 devices only):

    • Notification—Checks the attack object update server at specified times and notifies you if the database on the server is more recent than the database on the security device.

    • Update—Checks the attack object update server at specified times and automatically updates the database on the device if the database on the attack object update server is more recent.

  • Specify the schedule (daily, weekly, or monthly) on which the security device checks the attack object update server.

You can also direct a security device to update its attack object database immediately, either from the attack object update server (ScreenOS 5.0 devices) or the NSM GUI server (ScreenOS 5.1 and later devices). For more information, see the “Managing Devices” section of the Network and Security Manager Administration Guide.