1. Disable idpd process from the configuration
2. Once the idpd process is disabled, go to initialize (prune current records).
secdb failures, execute the following:
3. Now reboot the device (it will initialize the secdb database)
4. RE attack cache (DFA/PCRE cache) failures, execute the following:
Once the idpd process is disabled, we can go ahead to prune the database records
Note: For RE attack cache, users need not do anything (the cache will build-up on subsequent policy compilation(s)).
6. After the device reboots, enable idpd process
7. Now download the full-update of the security package and install it
Once the download is complete, install it:
The device is recovered from secdb failure.
The necessary steps for activating IDP are as follows:
- Install IDP license by issuing request system license add…
- Download IDP package by issuing request security idp security-package download
- Install IDP package by issuing request security idp security-package install
- Install IDP policy templates by issuing request security idp security-package install policy-templates
- Register the commit script that creates the IDP policies by issuing set system scripts commit file templates.xsl
- Set your preferred IDP policy as active, for instance by issuing set security idp active-policy Getting_Started
- Activate IDP on your policy by issuing set security policies from-zone trust to-zone untrust policy default-permit then permit application-services idp