Updating attack database of srx cluster node1

When you have an SRX cluster and you need to update/install idp attack database on the second node,
you will realize that it isn’t done automatically (before 12.1 release) You can update/install the active node but not the other. The work around to do this is to manually copy attack DB files to the second node and install. Here is how we do it;

Copy the attack DB files to the 2nd node;


root@srx210-1% rcp -r -T /var/db/idpd/sec-download/* node1:/var/db/idpd/sec-download/

Install the new files on the 2nd node;


{primary:node0}
root@srx210-1> request security idp security-package install node 1

After a while once the compilation finishes, you will have a similar output like my cluster;

{primary:node0}
root@srx210-1> show security idp security-package-version
node0:
--------------------------------------------------------------------------

  Attack database version:2199(Wed Oct 31 12:11:01 2012)
  Detector version :12.6.160120907
  Policy template version :2193

node1:
--------------------------------------------------------------------------

  Attack database version:2199(Wed Oct 31 12:11:01 2012)
  Detector version :12.6.160120907
  Policy template version :2193

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE


You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.