Example: Updating the Signature Database Automatically (CLI)

Juniper Networks regularly updates the predefined attack database and makes it available on the Juniper Networks website. This database includes attack object groups that you can use in IDP policies to match traffic against known attacks. You can configure your device to download the signature database updates automatically at a specified interval.

The configuration instructions in this topic describe how to download the security package with the complete table of attack objects and attack object groups every 48 hours starting at 11:59 pm on December 10.

To download and update predefined attack objects:

1. Specify the URL for the security package. The security package includes the detector and the latest attack objects and groups. The following statement specifies https://services.netscreen.com/cgi-bin/index.cgi as the URL for downloading signature database updates:
   user@host# set security idp security-package url https://services.netscreen.com/cgi-bin/index.cgi
2. Specify the time and interval for download. The following statement sets the interval as 48 hours and the start time as 11:59 pm on December 10:
   user@host# set security idp security-package automatic interval 48 start-time 12-10.23:59
3. Enable an automatic download and update of the security package.
   user@host# set security idp security-package automatic enable
4. If you are finished configuring the device, commit the configuration.
5. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the Junos OS CLI Reference.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Updating the IDP Signature Database Manually Overview
• Example: Updating the Signature Database Automatically (CLI)
• Understanding the IDP Signature Database