Manually Installing Signatures

Users with the tenant administrator role can install the active signature database on one or more devices by using the on-demand signature installation feature. You can install the signature database immediately at a click or schedule the installation for a later time. However, unlike the auto installation feature (see Automating Signature Database Installation), you cannot configure a recurring schedule for the installation. Signatures must be present on the device for application firewall or intrusion prevention system (IPS) features to be used. If you do not install the signature database on a device, the deployment of IPS profiles or application firewall will fail.

  • Before you install the signature database on the device, ensure that the IPS license is installed on the device. If the IPS license is not installed, only the application signatures will be installed when the signature database installation is triggered.

  • You can install the signature database on the following devices: NFX150, NFX250, SRX Series, and vSRX Virtual Firewall.

While installing signatures, you can additionally configure settings for installing Intrusion Detection and Prevention (IDP) and enabling micro applications. These settings are applied only to the sites selected.

To install the active signature database:

  1. Select Administration > Signature Database.

    The Signature Database page appears.

  2. Click On Demand Signature Install.

    The On Demand Signature Installation page appears, displaying the signature database version and the devices on which you can install the signature database.

  3. Select the check boxes corresponding to the devices on which you want to install the signature database.

    You can also search for, filter, or sort the devices displayed in the table.

  4. Enable additional installation options, if required. The following options are available:
    • Install IDP Signature—Click the toggle button to enable installation of the Intrusion Detection and Prevention (IDP) signature database. If the device does not have a valid IDP license installed, the application (App ID) signature is installed. If you have not enabled this option, CSO installs the App ID signature on the device by default.

    • Enable Micro Apps—Click the toggle button to configure CSO to identify micro-applications. Enabling this button executes the following set command on the device: set services application-identification micro-apps.

  5. From the Type field:
    • Select Run now to immediately trigger the installation of the signature database on the devices that you selected.

    • Select Schedule at a later time to install the signature database later and specify a date and time at which you want the installation to be triggered.

  6. Click OK.
    • If you specified that the database must be installed immediately, a job is triggered and the Job Tasks page appears, displaying the tasks associated with the signature database installation. Click OK to exit and return to the Signature Database page.

    • If you specified that the database must be installed later, a job is created and you are returned to the Signature Database page. A confirmation message (with the job ID) is displayed at the top of the page.

After the signature database is installed successfully, you can deploy the firewall policy (that references IPS profiles or application signatures) on the device.