SRX

 View Only
last person joined: 12 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  ids error causes commit to fail

    Posted 01-02-2023 12:56
    Hi All,

    I'm a new poster to this forum because I'm stuck on an issue and would appreciate some worldy advice...

    I'm a Juniper hobbiest. I have Juniper SRX and EX in my very small network but I'm a learner rather than a company so I don't have access to JTAC etc.

    I've installed a Juniper SRX300 as the internet edge firewall connecting to a fibre broadband line, it works great. However since upgrading the Junos ( I'm currently on 21.2r3.8) I cannot commit the configuration any more, it spins the below error, seamingly about the IDS function.

    I'm not using IDS (i don't have a license for it!) So I've tried to delete the IDS configuration lines, that's not worked.

    I found this thread which describes my issue, but as I don't have the license or support I can't follow the resolution :(
    https://supportportal.juniper.net/s/article/SRX-IDP-Configuration-commit-fails-with-error-Please-install-the-latest-detector?language=en_US

    Can anyone offer any advice that isn't "buy a license and support" as that's not within my budget :)

    Error:
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Char 0x0 out of allowed range
    <Parent>N
    ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag Parent line 4637
    <Parent>N
    ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag Context line 4631
    <Parent>N
    ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag Contexts line 382
    <Parent>N
    ^
    /var/db/idpd/sec-download/detector-capabilities.xml:4637: parser error : Premature end of data in tag DetectorCapabilities line 2
    <Parent>N
    ^
    <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
    <source-daemon>idpd</source-daemon>
    <edit-path>[edit groups junos-defaults security]</edit-path>
    <statement>idp</statement>
    <message>Please install the latest detector
    </message>
    </xnm:error>
    error: configuration check-out failed

    Many Thanks all!
    Tom

    ------------------------------
    Thomas Whittle
    ------------------------------


  • 2.  RE: ids error causes commit to fail

     
    Posted 01-03-2023 10:02
    Hi,

    Delete the IDP config completely - delete security idp. Then commit should work ok.

    After that, clear IDP files - request security idp storage-cleanup cache-files & request security idp storage-cleanup downloaded-files.

    Try the upgrade again.


    ------------------------------
    M Gi
    ------------------------------



  • 3.  RE: ids error causes commit to fail

    Posted 01-04-2023 09:25
    Brill thanks, I'll try this in a moment and let you know how I get on.

    Cheers!
    Tom

    ------------------------------
    Thomas Whittle
    ------------------------------