[2025][Juniper SRX #30] IDP Signature Update

안녕하세요.

 

오늘은 Juniper IPS Signature Update하는 방법에 대해서 알아보겠습니다.

1. Juniper SRX License Check

root> show system license License usage:                                  Licensed     Licensed    Licensed                                   Feature      Feature     Feature   Feature name                       used    installed      needed    Expiry   idp-sig                               0            1           0    2030-01-26 00:00:00 UTC   remote-access-ipsec-vpn-client        0            2           0    permanent   remote-access-juniper-std             0            2           0    permanent Licenses installed:   License identifier: JUNOS422937473   License version: 4   Valid for device: CW4024AX0159   Customer ID: KDDI ASIA PACIFIC PTE. LTD.   Features:     idp-sig          - IDP Signature       date-based, 2024-12-27 00:00:00 UTC - 2030-01-26 00:00:00 UTC root>

 

2. Juniper IDP Signature check. 

root> show security idp security-package-version   Attack database version:N/A(N/A)   Detector version :N/A   Policy template version :N/A   Rollback Attack database version :N/A(N/A)   Rollback Detector version : N/A

 

3. Juniper SRX IDP package Download- 외부에 통신 확인. 

root> ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=46.391 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=33.274 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=20.448 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=19.188 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=18.793 ms ^C --- 8.8.8.8 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 18.793/27.619/46.391/10.815 ms root> request security idp security-package download Will be processed in async mode. Check the status using the status checking CLI root> root> request security idp security-package download status Done;Successfully downloaded from(https://signatures.juniper.net/cgi-bin/index.cgi). Version info:3786(Thu Feb 27 14:04:10 2025 UTC, Detector=23.6.160240709) root>

 

4. Juniper SRX IDP Package Install 

root> request security idp security-package install Will be processed in async mode. Check the status using the status checking CLI root> request security idp security-package install status In progress:Installing AI ... root>

 

약 5분 뒤에 request security idp security-package install status 확인 합니다.

root> request security idp security-package install status Done;Attack DB update : successful - [UpdateNumber=3786,ExportDate=Thu Feb 27 14:04:10 2025 UTC,Detector=23.6.160240709]      Updating control-plane with new detector : successful      Updating data-plane with new attack or detector : not performed       due to no active policy configured.

 

5. check version 

root> show security idp security-package-version   Attack database version:3786(Thu Feb 27 14:04:10 2025 UTC)   Detector version :23.6.160240709   Policy template version :N/A   Rollback Attack database version :()   Rollback Detector version : N/A root>

 

지금까지 [2025][Juniper SRX #30] IDP Signature Update 글을 읽어주셔서 감사합니다.