1. Disable idpd process from the configuration 
root@router> edit
root@router# set system processes idp-policy disable 

root@router# delete security idp 

root@router# commit
2. Once the idpd process is disabled, go to initialize (prune current records).
secdb failures, execute the following:
root@router# exit
root@router> exit
root@router% rm /var/db/idpd/db/secdb* /var/db/idpd/db/rdm.taf
3. Now reboot the device (it will initialize the secdb database) 
root@router% cli 
root@router> request system reboot
4. RE attack cache (DFA/PCRE cache) failures, execute the following:
Once the idpd process is disabled, we can go ahead to prune the database records
root@router# exit
root@router> exit
root@router# rm /var/db/idpd/db/dfa* /var/db/idpd/db/pcre* 
root@router# rm /var/db/idpd/db/cache.dbd /var/db/idpd/db/rdm.taf
5. Now reboot the device (it will initialize the cache database) root@router# cli root@router> request system reboot
Note: For RE attack cache, users need not do anything (the cache will build-up on subsequent policy compilation(s)).
 6. After the device reboots, enable idpd process 
root@router% cli 
root@router> edit 
root@router# delete system processes idp-policy 
root@router# commit
7. Now download the full-update of the security package and install it
Download:
root@router> request security idp security-package download full-update root@router> request security idp security-package download status
Once the download is complete, install it:
root@router> request security idp security-package install root@router> request security idp security-package install status
The device is recovered from secdb failure.

———————————————————————————————————————————-

The necessary steps for activating IDP are as follows:
  1. Install IDP license by issuing request system license add…
  2. Download IDP package by issuing request security idp security-package download
  3. Install IDP package by issuing request security idp security-package install
  4. Install IDP policy templates by issuing request security idp security-package install policy-templates
  5. Register the commit script that creates the IDP policies by issuing set system scripts commit file templates.xsl
  6. Set your preferred IDP policy as active, for instance by issuing set security idp active-policy Getting_Started
  7. Activate IDP on your policy by issuing set security policies from-zone trust to-zone untrust policy default-permit then permit application-services idp

By Jon

Leave a Reply