It appeared this was an easy fix (I also tried 12.1R6.5 and 12.1X44-D11.5, to no avail).
First, I looked at the version of the signature DB that it's trying to download (2263):
netops> request security idp security-package download check-server
Successfully retrieved from(https://services.netscreen.com/cgi-bin/index.cgi).
Version info:2263(Detector=12.6.160130325, Templates=2263)
Then, I decided that this is possibly an actual bad md5 checksum (per what Junos expects), and I downloaded the previous version, 2262:
netops> request security idp security-package download version full-update 2262
Will be processed in async mode. Check the status using the status checking CLI
It worked! I've had to do something similar on Netscreen, but it's been a while. I turned off automated updates, and I can get back to studying.
netops> request security idp security-package download status
Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi).
Version info:2262(Tue May 14 16:27:00 2013 UTC, Detector=12.6.160130325)
Now that the download is finished, everything is installing properly:
netops> request security idp security-package install
Will be processed in async mode. Check the status using the status checking CLI
netops> request security idp security-package install status
In progress:performing DB update...
netops> request security idp security-package install status
In progress:performing DB update for an xml (groups.xml)
netops> request security idp security-package install status
In progress:performing DB update for an xml (applications.xml)
etc.
netops> request security idp security-package install status
Done;Attack DB update : successful - [UpdateNumber=2262,ExportDate=Tue May 14 16:27:00 2013 UTC,Detector=12.6.160130325]
Updating control-plane with new detector : successful
Updating data-plane with new attack or detector : not performed
due to no active policy configured.
I'm thinking that this is either a bug in SRX110H-VA, a combination of hardware/software release, or bad signature updates on services.netscreen.com. I'm pretty sure that I could just look through the XML, and figure out where the bad md5sum is (and fix it by hand), but I'll follow up once I hear back from Juniper.
Newest edit: I also had to manually download the policy template from Juniper, extract it with gzip -d templates.xml.gz
, and place it in /var/db/idpd/sec-download/sub-download/
. Once that was done, I was able to install it. The issue here is that the request security idp security-package install policy-templates
command does not take a 'version', like the other idp commands. This will always be an issue when the head IDP policy has md5 errors, although I would hope that this isn't a frequent occurrence at Juniper.
netops> request security idp security-package install policy-templates
Will be processed in async mode. Check the status using the status checking CLI
netops> request security idp security-package install status
Done;policy-templates has been successfully updated into internal repository
(=>/var/db/scripts/commit/templates.xsl)!
Best Answer
Before attempting to copy your file, you should first create the file on the server where it is being copied, set permissions so that it can be overwritten, and specify it in the copy path. Please also check that you have that directory accessible via ftp.
(Example permission You may want to be more restrictive)
Alternatively you can also use ftp in the following way (again following creation and permissions set):
From Server:
Additional items to check:
Official Documentation: http://www.juniper.net/documentation/en_US/junos15.1/topics/reference/command-summary/file-copy.html