security-package

Syntax

Hierarchy Level

Description

Configure the device to automatically download the updated signature database from the specified URL.

When you configure signature installation to enable the ignore-appid-failure option, IDP signature download/installation does not fail even if application identification download/installation fails during IDP signature download/installation. This option is not enabled by default. You have to enable this option.

IDP signature package on an external server can be downloaded and installed on the SRX Series Firewall. Configure the proxy profile option of security package download to connect to the external server through a specified proxy server.

IDP uses proxy profile configured at the system level. The proxy profile being used in the security package must be configured at the [edit services proxy] hierarchy.

You can configure multiple proxy profiles under [edit services proxy] hierarchy. IDP can utilize only one proxy profile. Multiple proxy profiles are not supported for use under IDP simultaneously. When a proxy profile is configured under [security idp security-package] hierarchy, then the idpd process connects to the proxy host instead of the signature pack download server. The proxy host then communicates with the download server and provides the response back to the idpd process. The idpd process is notified every time there is a change made at the [edit services proxy] hierarchy.

Options

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.

Option ignore-appid-failure is introduced in Junos OS Release 18.3R1.

Option proxy-profile is introduced in Junos OS Release 18.3R1.