Updating
a Signature Pack ManuallyDeep Inspection (DI) is a mechanism for filtering the traffic permitted by the Juniper Networks firewall. You apply Deep Inspection at the policy level by specifying one or more sets of attack objects for the security device to detect. These attack objects are compiled into four signature packs.
ScreenOS supports all four signature packs, but a security device can load only one signature pack at a time. If your security device is registered and you have purchased and activated a subscription for DI, then this page helps you download the appropriate signature pack to your security device from the Juniper Networks website.
Deep Inspection Signature Update (Current Version: number): This line indicates the version ID number for the DI signature pack that is currently loaded on the security device. If the current version ID number is 0, then the signature pack is not currently loaded.
Load file: Specify a path to load the signature pack from a local drive.
Open your browser and specify the URL. For example, to update the base pack, specify https://services.netscreen.com/restricted/sigupdates
Save the signature pack file to your local drive.
In the Load File field, specify the path of the saved file.
Note: After you load the signature pack the first time, you must reset the security device. Following each download thereafter, resetting the device is unnecessary.
Signature Pack: Select a DI signature pack that suits the security needs of your network. These Signature packs use less device memory and offer increased protocol support. The following four predefined signature packs are available on the database server: Base (default), Server, Client, Worm mitigation.
Select the Worm mitigation signature pack to protect remote and branch offices of large enterprises as well as small/medium businesses to provide the most comprehensive defense against worm attacks.
This signature pack includes stream signatures and primarily focuses on providing a comprehensive worm protection. It detects server-to-client and client-to-server worm attacks for all protocols.
Select the Client signature pack for small/medium enterprises and remote and branch offices of large enterprises needing perimeter defense and compliance for hosts (desktops, laptops, etc.).
This signature pack primarily focuses on protecting users from getting malware, Trojans, and so on, while surfing the Internet. It includes a comprehensive set of client-oriented protocols, such as HTTP (server-to-client), DNS, FTP, IMAP, POP3, P2P, and IM (AIM, YMSG, MSN, IRC). It also includes worm signatures that target clients.
Select the Server signature pack for small/medium enterprises and remote and branch offices of large enterprises needing perimeter defense and compliance for hosts (desktops, laptops, etc.).
This signature pack primarily focuses on protecting a server farm. It
includes a comprehensive set of server-oriented protocols, such as HTTP,
DNS, FTP, SMTP, IMAP,
MS-SQL, and LDAP.
It also includes worm signatures that target servers.
The Base (default) signature pack consists of a selected set of signatures for client/server and worm protection optimized for remote and branch offices as well as small/medium businesses.
This signature pack includes a sample of worm, client-to-server, and server-to-client signatures for Internet-facing protocols and services, such as HTTP, DNS, FTP, SMTP, POP3, IMAP, NetBIOS/SMB, MS-RPC, P2P, and IM.
|
Signature Pack |
Database Server URL |
|
Base (default) |
https://services.netscreen.com/restricted/sigupdates |
|
Server |
https://services.netscreen.com/restricted/sigupdates/server |
|
Client |
https://services.netscreen.com/restricted/sigupdates/client |
|
Worm mitigation |
https://services.netscreen.com/restricted/sigupdates/worm |
Database Server URL: Enter the URL of the local database server on which to store the signature packs. The default URL for signature updates is https://services.netscreen.com/restricted/signupdates.
Update Mode: Select a mode for the security device to check if the signature pack on the attack object database server is more recent than that on the security device.
None: The security
device does not update the selected signature pack.
Automatic Notification: A notice appears on the homepage if the
signature pack on the database server is more recent than that on the
security device.
Automatic Update: The security device automatically downloads the
signature pack.
Schedule: Schedule the security device to check the version of the signature pack daily, weekly, or monthly.
Daily: Select this
option to update the signature pack daily.
Weekly On: Select a day of the week from the dropdown list to update
the signature pack weekly.
Month On: Specify the date of the month to update the signature
pack monthly.
Note: If you choose a date that does not occur in every month (for example, 31), then the security device uses the last possible date of the month in its place.
Time: Enter the hour and minute when you want the security device to check the database for signature pack updates.
Update Now: Click the Update Now button if you want the signature pack updated immediately. (Note that this option is only available after you have retrieved a DI subscription key.)
The security device then attempts to contact the server at the default URL: https://services.netscreen.com/restricted/sigupdates; or, if you have entered a different URL in the Database Server field, it attempts to contact the URL that you entered.
Note: After you download the attack object database the first time, you must reset the security device. Following each download thereafter, resetting the device is unnecessary.
See also
Updating
a Signature Pack Manually
Use a browser to download the signature pack to a local directory. You then load the database onto the security device.
Verify the accuracy of the system clock and Domain Name Service (DNS) settings on the device. (See Date and Time Settings and DNS Configuration.)
Open a browser window, enter the following URL in the address field, and then press the Enter key: https://services.netscreen.com/restricted/signupdates
When prompted to open or save the signature pack, click Save.
Navigate to the directory where you want to save the file, then click Save.
Enter the directory path
and file name ("attacks.bin")
in the Load File field.
Or
Click Browse, navigate to the
file location, select the file, and then click Open.
Click OK.
The security device attempts to contact the server at the default URL: https://services.netscreen.com/restricted/sigupdates; or, if you have entered a different URL in the Database Server field, it attempts to contact the URL that you entered.
After a few moments, a message appears indicating whether the update was successful. If the update was unsuccessful, do one of the following:
Verify the accuracy of the system clock and Domain Name Service (DNS) settings on the device (seeDate and Time Settings and DNS Configuration).
Check the event log to determine the cause of the failure.