Update Flow-Based AV and ML-Based Threat Detection in Offline Mode
You can update the flow-based antivirus (AV) policy and machine learning (ML)-based threat detection on your SRX Series Firewall in offline mode. Download the signature bundle and store it on your local server that is not connected to the Internet.
To perform an offline update:
Download the offline update package from https://signatures.juniper.net/phase/offline.zip to a local server.
Unzip offline.zip on the server to extract phase, eclipse, and README.txt.
Make sure the SRX Series Firewall can access these files on your local server.
You can extract the zip contents directly into the webserver's document root directory, or into a subfolder within the document root directory as shown in Figure 1.
Figure 1: Webserver Directory Structure
Configure the update URL and antivirus policy using the following commands:
set services anti-virus update url https://<webserver-ip-address>/fav-updates/
set services anti-virus policy p1 action block/permit
set services anti-virus policy p1 default-notification log
set services anti-virus policy p1 fallback-options notification log
set services anti-virus policy p1 http-client-notify message "Blocked by Juniper AV"
set services anti-virus policy p1 notification log
set services anti-virus policy p1 machine-learning-scan action block/permit
set services anti-virus policy p1 verdict-threshold 7
set security policies from-zone trust to-zone untrust policy 1 then permit application-services anti-virus-policy p1
Note: The Juniper offline update bundle is valid for up to 24 hours after downloading. The update must be processed by the SRX Series Firewall before the expiration time specified in the README.txt file. For security reasons, the certificate revocation list (CRL) is updated daily and cannot be used after the expiration time.
Commit the configuration.
commit
To verify that the configuration is updated, enter the following commands in operational mode:
show services anti-virus statistics
Anti-virus scan statistics:
  Virus DB type: anti-virus
  Total signatures: 26139
  Anti-virus DB version: 1759855921
  Anti-virus DB update time: 2025-10-07 09:55:30 PDT
                    Total   HTTP  HTTPS  HTTP2   SMTP  SMTPS   IMAP  IMAPS    SMB
  File scanned:         0      0      0      0      0      0      0      0      0
  Virus found:          0      0      0      0      0      0      0      0      0
  Virus blocked:        0      0      0      0      0      0      0      0      0
  Virus permitted:      0      0      0      0      0      0      0      0      0
Anti-virus block cache (URI-Client IP) statistics:
  Block cache hit count: 0
  Block cache current entries: 0
  Block cache timed out entries: 0

show services anti-virus machine-learning-scan-statistics
Anti-virus machine learning scan statistics:
  Machine learning scan engine version: 1759752211
  Machine learning scan engine update time: 2025-10-06 05:03:31
                    Total   HTTP  HTTPS  HTTP2   SMTP  SMTPS   IMAP  IMAPS    SMB
  File scanned:         0      0      0      0      0      0      0      0      0
  Virus found:          0      0      0      0      0      0      0      0      0
  Virus blocked:        0      0      0      0      0      0      0      0      0
  Virus permitted:      0      0      0      0      0      0      0      0      0

You can ensure that the flow-based antivirus policy and ML-based threat detection are up to date, even without an Internet connection.
If you want to install a new package, delete the existing phase and eclipse directories from your server and repeat the steps.
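The staging steps above as a script, added here as an example and not Juniper's own tooling: it checks the bundle before replacing the old phase and eclipse directories. The fav-updates subfolder comes from the update URL on this page; the document root path and the use of the file's modification time for the 24-hour check are assumptions.

```python
"""Stage a downloaded offline.zip under the webserver document root (added example)."""
import shutil
import time
import zipfile
from pathlib import Path

REQUIRED = ("phase", "eclipse", "README.txt")   # bundle contents named in the steps above
MAX_AGE_SECONDS = 24 * 3600                     # bundle validity stated in the note above


def bundle_problems(zip_path, now=None):
    """Return a list of reasons the bundle should not be staged (empty list = OK)."""
    zip_path = Path(zip_path)
    now = time.time() if now is None else now
    problems = []
    # Assumption: file mtime approximates download time. README.txt holds the
    # authoritative expiration, but its format is not shown, so it is not parsed.
    if now - zip_path.stat().st_mtime > MAX_AGE_SECONDS:
        problems.append("downloaded more than 24 hours ago")
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
        top = {n.split("/", 1)[0] for n in names}
        for item in REQUIRED:
            if item not in top:
                problems.append(f"missing {item}")
        for n in names:
            # Refuse absolute paths and parent-directory escapes.
            if n.startswith("/") or ".." in Path(n).parts:
                problems.append(f"unsafe member path: {n}")
    return problems


def stage_bundle(zip_path, target_dir, now=None):
    """Replace phase/ and eclipse/ in target_dir with the bundle contents."""
    problems = bundle_problems(zip_path, now)
    if problems:
        raise ValueError("; ".join(problems))
    target = Path(target_dir)
    target.mkdir(parents=True, exist_ok=True)
    for old in ("phase", "eclipse"):             # delete the previous package first
        shutil.rmtree(target / old, ignore_errors=True)
    with zipfile.ZipFile(zip_path) as zf:
        zf.extractall(target)
    return sorted(p.name for p in target.iterdir())


if __name__ == "__main__":
    # Hypothetical paths: adjust to your download location and document root.
    print(stage_bundle("offline.zip", "/var/www/html/fav-updates"))
```

Check the expiration time in README.txt by hand before staging; the age check here only catches bundles that are clearly too old.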