SRX

last person joined: 18 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  IPS signatures do not match against service type

    Posted 12-25-2012 20:44

    Hi Experts,

     

    I'm trying to protect an FTP server using IPS features of my Juniper SRX 210.

    What seems to happen is that whenever I define a dynamic attack object with filter services FTP; I get an error mentioning that the dynamic attack object is empty and the configuration can not be committed. It seems like no signatures match the category FTP. I tried a couple of other categories and it gave me the same error. Is this a known issue? Or am I doing something wrong?

     

    Here is a snippet of the configuration and the commit error:

    [edit security idp dynamic-attack-group FTP]
root# show 
filters {
    service {
        values FTP;
    }
}

[edit security idp dynamic-attack-group FTP]
root# commit check 
[edit security idp]
  'dynamic-attack-group FTP'
    Attack FTP: No matching members found. Group is empty
error: configuration check-out failed

     



  • 2.  RE: IPS signatures do not match against service type
    Best Answer

    Posted 12-25-2012 21:14

    i upgraded it to a later junos software, and it give me that error no more.

    It must've been an error on the version.

     

    Thanks.



  • 3.  RE: IPS signatures do not match against service type

    Posted 11-23-2013 03:11

    Hi Guys

     

    Any solution for that error yet?

     



  • 4.  RE: IPS signatures do not match against service type

    Posted 11-25-2013 02:06

    Which version you had on the deice prior to upgrade?

     

    --Cheers,

    Dipanshu