Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
NOTE: Unlike the GUI-based attack object updates, Scheduled Security Updates
automatically pushes any new IDP detector engine that has been downloaded.
Using the command-line utility
management system to obtain the latest attack objects from the attack database server
(managed by Juniper Networks), then specify the action you want the server to take.
For a successful update, the device configuration must be "In-Sync", meaning that the
device is connected and that no configuration differences exist between the configuration
on the physical device and the modeled configuration in NSM, or "Sync Pending", meaning
that the device is unconnected and that the physical device will be updated with the
modeled configuration when the device reconnects to the management system. If a
device is connected but its configuration is not "In-Sync", the update process skips that
device to avoid installing unexpected changes.
To handle unconnected devices during the update, you must also specify additional
post-action options, shown in Table 30 on page 295.
Table 30: Scheduled Security Update (SSU) Command Line Parameters
Parameter
Definition
--dmi
Directs the system to download attacks for devices running
JUNOS Software.
--help
Lists command-line options for
--update-attacks
Directs the system to update its attack database by connecting
to and downloading the latest attack database, if newer.
Requires post-action parameter.
--post-action
Indicates that a post-action instruction will follow (none or
update-devices).
Requires none or update-devices parameter.
--none
No post-action. SSU updates the attack database, but does not
push the new attacks to devices.
No other parameters needed.
--update-devices
Updates managed security devices with newly updated attack
objects.
Requires an unconnected devices handling option (skip or retry).
--skip
Directs the server to skip any unconnected device (server does
not try to update attack objects on that device.)
No other parameters needed.
/usr/netscreen/GuiSvr/utils/guiSvrCli.sh
guiSvrCli.sh
Chapter 7: Managing Devices
, direct the
.
295
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers