Hi,
I have a problem downloading signatures on my firewall due to the routing-instance configuration and no direct internet reachability in the main routing instance.
I tried:
1) The offline procedure. But for my version and product (SRX-110) I think that something is wrong on the website, and I always received errors when requesting this URL:
https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx110&feature=idp&detector=12.6.160121210&to=latest&os=12.3&build=48&type=update
root@FW-HQ> show security idp security-package-version
Attack database version:N/A(N/A)
Detector version :12.6.160121210
Policy template version :N/A
2) Another way, found here on the forum, is to use the loopback to force the SRX to reach the internet using the loopback behind the routing-instance:
The "set system default-address-selection" command will then enable the SRX to send the IDP update request from the loopback interface.
root@SRX-5800-1# show routing-instances
IDP-Update {
    instance-type vrf;
    interface xe-1/0/0.0;
    routing-options {
        interface-routes {
            rib-group inet IDP-Update;
        }
        static {
            rib-group IDP-Update;
            route 180.43.200.1/32 next-table inet.0;
        }
    }
}
[edit]
root@SRX-5800-1# show interfaces lo0
unit 0 {
    family inet {
        address 180.43.200.1/32;
    }
}
root@SRX-5800-1#
But the problem in my case is that I'm using a PPPoE dial-up connection with just one public IP address that is able to reach the internet.
Maybe I can use another IP address or interface in the Juniper default routing instance in order to reach the internet in some other way? But I don't know which one...
Any idea?