Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.


IDP250 - SSL / Blocked Attack Objects / Failed Policy Push

IDP250 - SSL / Blocked Attack Objects / Failed Policy Push


Maybe someone can help me out on this one -

Currently our IDP250 has a SSL certificate installed that shouldnt expire until 2011 however since an attack object update at the beginning of Sept we have been getting SSL:Non-SSL Traffic on SSL Port attack objects being blocked. So -

1) Can someone tell me how to view the currently installed certificate?  I thought it was "scio ssl list all" but that doesnt show expiry etc

2) Can someone tell me how to view the Root and Inter certificates to see if they have expired also?

3) When I try and push a policy I get a failed message every time with the following reason codes -

(3) Attack Group currently has no members.  In the future when predefined attacks are defined in their respective categories, these attack groups will be updated to the device.  Also, if user defined attacks are created with the appropriate filter conditions, they will automatically become members of this group.  No further action is required in this case.
(7) This attack signature/anomaly is obsolete and not supported by the newer detector on the device. The signature will not be updated to the device.
(8) This attack signature/anomaly is not supported by the current detector on the device, and will not be updated to the device.  To use this signature, you may either need to upgrade the device's OS version to a newer image, or upgrade the detector on the device.

Anyone point me in the right direction of how to troubleshoot this?


RE: IDP250 - SSL / Blocked Attack Objects / Failed Policy Push

Had to restart the device to allow policies to be pushed again.

RE: IDP250 - SSL / Blocked Attack Objects / Failed Policy Push

Call Juniper tech support for answers.


RE: IDP250 - SSL / Blocked Attack Objects / Failed Policy Push

Sadly I did and they were as much use as a chocolate fireguard.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close