Table of Contents
Advertisement
Updating the IDP Detector Engine
Copyright © 2010, Juniper Networks, Inc.
Example: Updating Devices with Different Attack Object Database Versions
On Monday, you update the attack object database to version 2.0 on the GUI Server, then
update two managed devices running ScreenOS 5.2, Device A and Device B. Both devices
(and the GUI Server) have the same version of the attack object database.
On Wednesday, in response to a security alert, you update the attack object database
to version 2.1 on the GUI server, but install the update on only one of your managed
devices, Device A. Device A (and the GUI Server) is now running a different version of the
attack object database from Device B.
On Friday, you make miscellaneous configuration changes to Device A and B, then attempt
to update both devices with the modeled configuration. During the update, the UI warns
you that Device B is running an older version of the attack object database than the GUI
Server contains.
The IDP engine is dynamically changeable firmware that runs on ISG security devices
running ScreenOS 5.0.0-IDP1, standalone IDP appliances, J Series devices, SRX Series
devices, and MX Series devices. Automatic updates to the IDP engine occur when you:
Upgrade security device firmware—The upgraded firmware includes the most recent
version of the IDP engine as well as a new version of ScreenOS.
Manually load a new detector engine—New detector engines may be downloaded with
normal attack object updates. You must load the new detector engine onto the device
manually.
NOTE: You cannot downgrade the IDP engine version on the device.
To update the IDP engine manually for a ScreenOS or IDP sensor device:
From the Device Manager launchpad, select Security Updates > Update ScreenOS
1.
Device Detector. The Load IDP Detector Engine wizard starts.
Click Next, and then follow the instructions in the wizard to update the IDP engine
2.
on the selected device.
To update the IDP engine for a JUNOS device:
From the Device Manager launchpad, select Security Updates > Update JUNOS Device
Detector. The Load JUNOS IDP Detector Engine wizard starts.
Click Next, and then follow the instructions in the wizard to update the IDP engine on
the selected device.
NOTE: Updating the IDP engine on a device does not require a reboot of the device.
You can also download the new detector engine automatically. See "Scheduling Security
Updates" on page 294.
Chapter 7: Managing Devices
293
Advertisement
Table of Contents
