[prev in list] [next in list] [prev in thread] [next in thread]
List: juniper-nsp
Subject: Re: [j-nsp] SRX and http/https proxy
From: Benoit Plessis <b.plessis () doyousoft ! com>
Date: 2017-12-21 9:16:07
Message-ID: d0fb3760-843f-73cd-e4b0-0cb2f048e68b () doyousoft ! com
[Download RAW message or body]
On 20/12/2017 23:00, Roger Wiklund wrote:
> You can download the latest signature here:
>
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB27038
>
> Try this:
>
> 1. unzip the file, then gunzip all gz files: gzip -d *.gz
> 2. copy all files to the device with scp: scp -r *
> root@ip:/var/db/idpd/sec-download/
> 3. request security idp security-package offline-download package-path
> /var/db/idpd/sec-download
> 4. request security idp security-package install
Interesting,
The package is very large however since it does contain everything, it
would need to filter out unecessary files,
not sure it would be really easier (to be done 'safely') than parsing
the xml file from the auto-upgrade url tho
as for the process you describe the "part 2" is my main concern (root
access on the SRX, no option to login with ssh pubkey), also need to be
done on both unit of the cluster.
As for part 3 my previous experiment seams to tell me that if you copy
the files on /var/db/idpd/sec-download then "request security idp
security-package offline-download package-path" isn't usefull,
however it does feel like "offline-download" could be used to skip the
root access copy of step 2, but there is little to no information of the
expected "package" format
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic