1. Disable idpd process from the configuration
root@router> edit
root@router# set system processes idp-policy disable
root@router# delete security idp
root@router# commit
2. Once the idpd process is disabled, go to initialize (prune current records).
secdb failures, execute the following:
root@router# exit
root@router> exit
root@router% rm /var/db/idpd/db/secdb* /var/db/idpd/db/rdm.taf
3. Now reboot the device (it will initialize the secdb database)
root@router% cli
root@router> request system reboot
4. RE attack cache (DFA/PCRE cache) failures, execute the following:
Once the idpd process is disabled, we can go ahead to prune the database records
root@router# exit
root@router> exit
root@router# rm /var/db/idpd/db/dfa* /var/db/idpd/db/pcre*
root@router# rm /var/db/idpd/db/cache.dbd /var/db/idpd/db/rdm.taf
5. Now reboot the device (it will initialize the cache database) root@router# cli root@router> request system reboot
Note: For RE attack cache, users need not do anything (the cache will build-up on subsequent policy compilation(s)).
6. After the device reboots, enable idpd process
root@router% cli
root@router> edit
root@router# delete system processes idp-policy
root@router# commit
7. Now download the full-update of the security package and install it
Download:
root@router> request security idp security-package download full-update root@router> request security idp security-package download status
Once the download is complete, install it:
root@router> request security idp security-package install root@router> request security idp security-package install status
The device is recovered from secdb failure.
----------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
The necessary steps for activating IDP are as follows:
- Install IDP license by issuing request system license add...
- Download IDP package by issuing request security idp security-package download
- Install IDP package by issuing request security idp security-package install
- Install IDP policy templates by issuing request security idp security-package install policy-templates
- Register the commit script that creates the IDP policies by issuing set system scripts commit file templates.xsl
- Set your preferred IDP policy as active, for instance by issuing set security idp active-policy Getting_Started
- Activate IDP on your policy by issuing set security policies from-zone trust to-zone untrust policy default-permit then permit application-services idp
No comments:
Post a Comment