Two options on the top of my head: 1. Use Security Director, that will download the signature to the server and then push it to the device. (SD will also give you lots of other benefits/visibility) 2. Download the update to a web server the SRX can reach, then use offline-download "request security idp security-package offline-download package-path http://x/y"
You can easily configure an event-option to run the update every night. set event-options generate-event daily time-of-day 01:00:00 set event-options policy update_idp_package events daily set event-options policy update_idp_package then execute-commands command "request security idp security-package offline-download package-path http://x/y" BTW stick with Junos 15.1X49-D120 for now. 17.4 or 18.1 will get full 15.1X49 feature parity. Regards Roger On Tue, Dec 12, 2017 at 11:38 AM, Benoit Plessis <b.ples...@doyousoft.com> wrote: > Hi, > > We have recently bought an SRX345 cluster with IDP licensing and i'm a > bit baffled by something a bit "stupid". > > The SRX will need regular download over the internet for the IDP > database, however, by principle i setup the system so that the admin > interface has a limited network connectivity (by use of a separate > routing-instance for the main trafic). > > So i looked for a way for the SRX to use a web proxy (squid, ffproxy) > for thoses operations. > > According to the documentation & configuration it is supported (system > proxy server / system proxy port) however of the 4 download "use-case" i > tested (request system licence update, request security idp > security-package download, request system license add, file copy) only > the first (request system licence update) does "try" to respect and use > the system proxy, and even there it doesn't correctly communicate with > the proxy for "https" requests. > > I tried with 17.3R1.10, 12.1X46-D15.3, 12.3X48-D40.5 with the same > result each time. > > > A case is pending openning over juniper support but the support contract > of the SRX345 isn't openned yet, so i though of reaching over there, > does anybody know anything on the subject ? > > Regards, > Benoit Plessis > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp