Signature Update Service (SUS) IP address change

Juniper is moving their Signature Update Services (SUS) to a more robust distributed environment on 21 February 2015.  As a part of this change the current IP address for the service will no longer be valid and could affect the ability of Juniper SSG, NS5000, ISG, and SRX products to update their signature files.  All SSG, NS5000, ISG, and SRX products should be examined to insure they are accessing the SUS service via a URL and not the IP address.

 
Solution:
SSG, NS5000, ISG, and SRX products should be accessing the Signature Update Services (SUS) by connecting to the URL https://services.netscreen.com or https://signatures.juniper.net.  If they are configured to access the SUS through one of these URLs, they will not be affected and will continue to access the new service without interruption on and after 21 February 2015.

If the Juniper SSG, NS5000, ISG, and SRX product has been configured to use only an IP address (66.129.230.99 or 66.129.230.83), they will fail to be able update their signatures after 21 February 2015.

To prevent a failure of your firewalls not being able to update signatures after 21 February 2015, please check the configurations in each unit and change any configuration using the IP addresses to the correct URL as noted below:

• IP Address 66.129.230.99 should be replaced by URL:  https://services.netscreen.com
• IP Address 66.129.230.83 should be replaced by URL:  https://signatures.juniper.net

This change is critical because the new service is designed to be redundant and operate from multiple locations. Removing the dependency on a fixed IP address will improve resiliency of the service.