Junos® OS
Unified Threat Management User Guide
Published 2021-04-18

Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
408-745-2000 www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Junos® OS Unified Threat Management User Guide
Copyright © 2021 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software you agree to the terms and conditions of that EULA.
About This Guide | xxiii

1 Overview
  UTM Overview | 2
    Unified Threat Management Overview | 2
    UTM Supported Features | 6
  WELF Logging for UTM Features | 6
    Understanding WELF Logging for UTM Features | 7
    Example: Configuring WELF Logging for UTM Features | 8
  Explicit Proxy for UTM | 12
    Understanding Explicit Proxy | 12
    Configuring the Explicit Proxy on Juniper Enhanced Server | 13
    Verifying the Explicit Proxy Configuration on Juniper Enhanced Server | 15
    Configuring the Predefined Category Upgrading and Base Filter Configuration Using Explicit Proxy | 15
    Verifying the Predefined Category Upgrading and Base Filter Configuration | 17
    Configuring the Sophos Antivirus Pattern Update | 18
    Verifying the Sophos Antivirus Pattern Update | 19
  Unified Policies for UTM | 20
    Understanding Unified Policies [Unified Threat Management (UTM)] | 20
  UTM Support for Chassis Cluster | 22
    Understanding UTM Support for Active/Active Chassis Cluster | 22
    Understanding UTM Support for Active/Backup Chassis Cluster | 23
  Allowlist | 24
    Understanding MIME Allowlist | 24
    Example: Configuring MIME Allowlist to Bypass Antivirus Scanning | 25
    Understanding URL Allowlist | 27
    Configuring URL Allowlist to Bypass Antivirus Scanning (CLI Procedure) | 27

2 Antivirus Protection
  On-Device Avira Antivirus | 29
    Avira Antivirus Overview | 29
    Example: Configure Avira Antivirus | 31
      Requirements | 32
      Overview | 32
      Configuration | 33
      Verification | 44
  Sophos Antivirus Protection | 46
    Sophos Antivirus Protection Overview | 47
    Sophos Antivirus Features | 48
    Understanding Sophos Antivirus Data File Update | 49
    Comparison of Sophos Antivirus to Kaspersky Antivirus | 50
    Sophos Antivirus Configuration Overview | 51
    Example: Configuring Sophos Antivirus Custom Objects | 51
      Requirements | 51
      Overview | 52
      Configuration | 52
      Verification | 55
    Example: Configuring Sophos Antivirus Feature Profile | 55
      Requirements | 56
      Overview | 56
      Configuration | 56
      Verification | 63
    Example: Configuring Sophos Antivirus UTM Policies | 64
      Requirements | 64
      Overview | 64
      Configuration | 65
      Verification | 66
    Example: Configuring Sophos Antivirus Firewall Security Policies | 67
      Requirements | 67
      Overview | 67
      Configuration | 67
      Verification | 69
    Example: Configuring Sophos Antivirus Scanner with SSL Forward Proxy | 70
      Requirements | 70
      Overview | 70
      Configuration | 71
      Verification | 75
    Managing Sophos Antivirus Data Files | 80
  Virus-Detected Notifications | 82
    Understanding Protocol-Only Virus-Detected Notifications | 83
    Configuring Protocol-Only Virus-Detected Notifications (CLI Procedure) | 83
    Understanding E-Mail Virus-Detected Notifications | 83
    Configuring E-Mail Virus-Detected Notifications (CLI Procedure) | 84
    Understanding Custom Message Virus-Detected Notifications | 85
    Configuring Custom Message Virus-Detected Notifications (CLI Procedure) | 85
  HTTP Trickling to Prevent Timeouts | 87
    Understanding HTTP Trickling | 87
    Configuring HTTP Trickling to Prevent Timeouts During Antivirus Scanning (CLI Procedure) | 88

3 Antispam Filtering
  Antispam Filtering Overview | 90
  Server-Based Antispam Filtering | 92
    Understanding Server-Based Antispam Filtering | 92
    Server-Based Antispam Filtering Configuration Overview | 93
    Example: Configuring Server-Based Antispam Filtering | 94
      Requirements | 95
      Overview | 95
      Configuration | 95
      Verification | 101
  Local-List Antispam Filtering | 102
    Understanding Local List Antispam Filtering | 103
    Local List Antispam Filtering Configuration Overview | 103
    Example: Configuring Local List Antispam Filtering | 104
      Requirements | 104
      Overview | 105
      Configuration | 105
      Verification | 111

4 Content Filtering
  Content Filtering | 114
    Content Filtering Overview | 114
    Understanding Content Filtering Protocol Support | 116
    Specifying Content Filtering Protocols (CLI Procedure) | 118
    Content Filtering Configuration Overview | 118
    Example: Configuring Content Filtering Custom Objects | 119
      Requirements | 119
      Overview | 120
      Configuration | 120
      Verification | 123
    Example: Configuring Content Filtering UTM Policies | 123
      Requirements | 124
      Overview | 124
      Configuration | 124
      Verification | 125
    Example: Attaching Content Filtering UTM Policies to Security Policies | 126
      Requirements | 126
      Overview | 126
      Configuration | 126
      Verification | 128
    Monitoring Content Filtering Configurations | 129

5 Web Filtering
  Web Filtering Overview | 132
  Enhanced Web Filtering | 134
    Enhanced Web Filtering Overview | 134
    Understanding the Enhanced Web Filtering Process | 136
    Predefined Category Upgrading and Base Filter Configuration Overview | 144
    Example: Configuring Enhanced Web Filtering | 146
      Requirements | 147
      Overview | 147
      Configuration | 149
      Verification | 160
    Understanding the Quarantine Action for Enhanced Web Filtering | 164
    Example: Configuring Site Reputation Action for Enhanced Web Filtering | 167
      Requirements | 167
      Overview | 167
      Configuration | 168
      Verification | 172
    TAP Mode Support Overview for UTM | 176
  Local Web Filtering | 178
    Understanding Local Web Filtering | 179
    Example: Configuring Local Web Filtering | 182
      Requirements | 182
      Overview | 182
      Configuration | 185
      Verification | 194
  Redirect Web Filtering | 196
    Understanding Redirect Web Filtering | 196
    Example: Enhancing Security by Configuring Redirect Web Filtering Using Custom Objects | 198
      Requirements | 199
      Overview | 199
      Configuration | 200
      Verification | 208
  Safe Search Enhancement for Web Filtering | 212
    Safe Search Enhancement for Web Filtering Overview | 213
    Configure Web Filtering with Safe Search | 215
      Requirements | 216
      Overview | 216
      Configuration | 217
      Verification | 221
  Monitoring Web Filtering Configurations | 223

6 UTM Support for SRX100, SRX110, SRX210, SRX240, SRX550, SRX650, and SRX1400 Devices
  Express Antivirus Protection | 226
    Express Antivirus Protection Overview | 226
    Express Antivirus Configuration Overview | 229
    Example: Configuring Express Antivirus Custom Objects | 230
      Requirements | 230
      Overview | 230
      Configuration | 231
      Verification | 233
    Configuring Express Antivirus Custom Objects (J-Web Procedure) | 233
    Example: Configuring Express Antivirus Feature Profiles | 236
      Requirements | 236
      Overview | 236
      Configuration | 237
      Verification | 242
    Configuring Express Antivirus Feature Profiles (J-Web Procedure) | 243
    Example: Configuring Express Antivirus UTM Policies | 245
      Requirements | 245
      Overview | 245
      Configuration | 246
      Verification | 246
    Configuring Express Antivirus UTM Policies (J-Web Procedure) | 247
    Example: Attaching Express Antivirus UTM Policies to Security Policies | 247
      Requirements | 248
      Overview | 248
      Configuration | 248
      Verification | 249
    Attaching Express Antivirus UTM Policies to Security Policies (J-Web Procedure) | 249
  Express Antivirus Pattern Updates | 251
    Understanding Express Antivirus Scanner Pattern Updates | 252
    Example: Automatically Updating Express Antivirus Patterns | 253
      Requirements | 253
      Overview | 253
      Configuration | 253
      Verification | 254
    Example: Automatically Updating Express Antivirus Patterns (J-Web Procedure) | 255
    Manually Updating, Reloading, and Deleting Express Antivirus Patterns (CLI Procedure) | 255
  Full Antivirus Protection | 256
    Full Antivirus Protection Overview | 257
    Full Antivirus Configuration Overview | 258
    Example: Configuring Full Antivirus Custom Objects | 259
      Requirements | 259
      Overview | 260
      Configuration | 260
      Verification | 263
    Configuring Full Antivirus Custom Objects (J-Web Procedure) | 263
    Example: Configuring Full Antivirus Feature Profiles | 266
      Requirements | 266
      Overview | 267
      Configuration | 268
      Verification | 273
    Configuring Full Antivirus Feature Profiles (J-Web Procedure) | 274
    Example: Configuring Full Antivirus UTM Policies | 277
      Requirements | 277
      Overview | 277
      Configuration | 277
      Verification | 278
    Configuring Full Antivirus UTM Policies (J-Web Procedure) | 279
    Example: Attaching Full Antivirus UTM Policies to Security Policies | 279
      Requirements | 280
      Overview | 280
      Configuration | 280
      Verification | 281
    Attaching Full Antivirus UTM Policies to Security Policies (J-Web Procedure) | 281
  Full Antivirus Pattern Updates | 283
    Understanding Full Antivirus Pattern Updates | 284
    Example: Configuring the Full Antivirus Pattern Update Server | 285
      Requirements | 285
      Overview | 285
      Configuration | 285
      Verification | 286
    Full Antivirus Pattern Update Configuration Overview | 287
    Example: Automatically Updating Full Antivirus Patterns | 288
      Requirements | 288
      Overview | 288
      Configuration | 288
      Verification | 289
    Example: Automatically Updating Full Antivirus Patterns (J-Web Procedure) | 290
    Manually Updating, Reloading, and Deleting Full Antivirus Patterns (CLI Procedure) | 290
  Full Antivirus File Scanning | 292
    Understanding the Full Antivirus Scan Engine | 293
    Understanding Full Antivirus Scan Mode Support | 294
    Configuring Full Antivirus File Extension Scanning (CLI Procedure) | 295
    Example: Configuring Full Antivirus File Extension Scanning | 295
      Requirements | 296
      Overview | 296
      Configuration | 296
      Verification | 297
    Understanding Full Antivirus Scan Level Settings | 298
    Example: Configuring Full Antivirus Scan Settings at Different Levels | 298
      Requirements | 299
      Overview | 299
      Configuration | 299
      Verification | 301
    Understanding Full Antivirus Intelligent Prescreening | 301
    Example: Configuring Full Antivirus Intelligent Prescreening | 302
      Requirements | 302
      Overview | 302
      Configuration | 303
      Verification | 304
    Understanding Full Antivirus Content Size Limits | 304
    Configuring Full Antivirus Content Size Limits (CLI Procedure) | 305
    Understanding Full Antivirus Decompression Layer Limits | 305
    Configuring Full Antivirus Decompression Layer Limits (CLI Procedure) | 306
    Understanding Full Antivirus Scanning Timeouts | 306
    Configuring Full Antivirus Scanning Timeouts (CLI Procedure) | 307
    Understanding Full Antivirus Scan Session Throttling | 307
    Configuring Full Antivirus Scan Session Throttling (CLI Procedure) | 307
  Full Antivirus Scan Results and Fallback Options | 309
    Understanding Full Antivirus Scan Result Handling | 310
    Monitoring Antivirus Scan Engine Status | 310
    Monitoring Antivirus Session Status | 312
    Monitoring Antivirus Scan Results | 313
    Understanding Antivirus Scanning Fallback Options | 316
    Example: Configuring Antivirus Scanning Fallback Options | 317
      Requirements | 317
      Overview | 317
      Configuration | 318
      Verification | 320
  Full Antivirus Application Protocol Scanning | 322
    Understanding Full Antivirus Application Protocol Scanning | 322
    Understanding HTTP Scanning | 324
    Enabling HTTP Scanning (CLI Procedure) | 325
    Understanding FTP Antivirus Scanning | 325
    Enabling FTP Antivirus Scanning (CLI Procedure) | 326
    Understanding SMTP Antivirus Scanning | 326
    Enabling SMTP Antivirus Scanning (CLI Procedure) | 329
    Understanding POP3 Antivirus Scanning | 329
    Enabling POP3 Antivirus Scanning (CLI Procedure) | 331
    Understanding IMAP Antivirus Scanning | 331
    Enabling IMAP Antivirus Scanning (CLI Procedure) | 334
  Integrated Web Filtering | 335
    Understanding Integrated Web Filtering | 335
    Example: Configuring Integrated Web Filtering | 339
      Requirements | 339
      Overview | 339
      Configuration | 340
      Verification | 349
    Displaying Global SurfControl URL Categories | 351

7 Configuration Statements
  action (Security UTM Web Filtering) | 360
  address-blacklist | 361
  address-whitelist | 363
  admin-email | 364
  administrator-email (Security Fallback Block) | 365
  administrator-email (Security Virus Detection) | 367
  allow-email (Security Fallback Block) | 368
  allow-email (Security Virus Detection) | 370
  application (Security Policies) | 371
  application-proxy (Security UTM) | 373
  anti-spam | 375
  anti-spam (Security UTM Policy) | 377
  anti-virus | 379
  anti-virus (Security UTM Policy) | 383
  avira-engine | 385
  block-command | 387
  block-content-type | 388
  block-extension | 390
  block-message (Security UTM) | 391
  block-mime | 393
  cache | 394
  category (Security Logging) | 396
  category (Security Web Filtering) | 398
  content-filtering (Security Feature Profile) | 409
  content-filtering (Security UTM Policy) | 412
  content-size | 414
  content-size (Security Antivirus Sophos Engine) | 416
  content-size-limit | 418
  corrupt-file | 419
  custom-block-message | 421
  custom-message (Security Content Filtering) | 422
  custom-message (Security Email Notify) | 424
  custom-message (Security Fallback Block) | 425
  custom-message (Security Fallback Non-Block) | 427
  custom-message (Security Virus Detection) | 428
  custom-message (Security Web Filtering) | 430
  custom-message-subject (Security Email Notify) | 432
  custom-message-subject (Security Fallback Block) | 433
  custom-message-subject (Security Fallback Non-Block) | 435
  custom-message-subject (Security Virus Detection) | 436
  custom-objects | 438
  custom-page | 440
  c s m | 442
  custom-tag-string | 444
  custom-url-category | 445
  decompress-layer | 447
  decompress-layer-limit | 449
  default (Security Antivirus) | 452
  default (Security Antivirus Sophos Engine) | 453
  default (Security UTM) | 455
  default (Security Web Filtering) | 456
  display-host (Security Fallback Block) | 458
  display-host (Security Virus Detection) | 460
  download-profile (Security Antivirus FTP) | 461
  download-profile (Security Content Filtering FTP) | 463
  email-notify | 464
  engine-not-ready | 466
  engine-not-ready (Security Antivirus Sophos Engine) | 467
  exception | 469
  exception (Security Content Filtering) | 470
  fallback-block (Security Antivirus) | 472
  fallback-non-block (Security Antivirus) | 474
  fallback-options (Security Antivirus Juniper Express Engine) | 476
  fallback-options (Security Antivirus Kaspersky Lab Engine) | 478
  fallback-options (Security Antivirus Sophos Engine) | 480
  fallback-settings (Security Web Filtering) | 481
  fallback-settings (Security Web Filtering Juniper Local) | 483
  fallback-settings (Security Web Filtering Websense Redirect) | 485
  feature-profile | 487
  filename-extension | 498
  flag (SMTP) | 499
  format (Security Log Stream) | 501
  forwarding-mode (Security UTM Policy) | 503
  from-zone (Security Policies) | 505
  ftp (UTM Policy Anti-Virus) | 509
  ftp (UTM Policy Content Filtering) | 511
  hold-interval | 513
  host (Security Web Filtering) | 514
  http-profile (Security Antivirus) | 516
  http-profile (Security Content Filtering) | 517
  http-profile (Security Web Filtering) | 518
  imap-profile (Security UTM Policy Antivirus) | 520
  imap-profile (Security UTM Policy Content Filtering) | 521
  http-persist | 522
  http-reassemble | 524
  intelligent-prescreening | 525
  interval (Security Antivirus) | 527
  ipc | 529
  juniper-enhanced | 531
  juniper-express-engine | 533
  juniper-local | 536
  kaspersky-lab-engine | 538
  limit (UTM Policy) | 541
  list | 542
  list (Security Content Filtering Block Mime) | 544
  log (Security) | 545
  mime-pattern | 551
  mime-whitelist | 552
  no-autoupdate | 554
  no-intelligent-prescreening | 556
  no-notify-mail-recipient | 557
  no-notify-mail-sender (Security Content Filtering Notification Options) | 559
  no-notify-mail-sender (Security Fallback Block) | 560
  no-notify-mail-sender (Security Virus Detection) | 562
  no-sbl-default-server | 563
  notification-options (Security Antivirus) | 565
  notification-options (Security Content Filtering) | 567
  notify-mail-recipient | 569
  notify-mail-sender (Security Content Filtering Notification Options) | 570
  notify-mail-sender (Security Fallback Block) | 572
  notify-mail-sender (Security Virus Detection) | 573
  no-uri-check | 575
  out-of-resources | 576
  out-of-resources (Security Antivirus Sophos Engine) | 578
  over-limit | 579
  cr | 581
  password (Security Antivirus) | 583
  password | 585
  pattern-update (Security Antivirus) | 586
  permit-command | 588
  policies | 590
  pop3-profile (Security UTM Policy Antivirus) | 600
  pop3-profile (Security UTM Policy Content Filtering) | 601
  port (Security Antivirus) | 603
  port (Security Web Filtering Server) | 604
  primary-server | 605
  profile (Security Antispam SBL) | 607
  profile (Security Antivirus Juniper Express Engine) | 609
  profile (Security Antivirus Kaspersky Lab Engine) | 611
  profile (Security Content Filtering) | 614
  profile (Security Sophos Engine Antivirus) | 616
  profile | 618
  profile (Security Web Filtering Juniper Enhanced) | 621
  profile (Security Web Filtering Juniper Local) | 623
  profile (Security Web Filtering Surf Control Integrated) | 625
  profile (Security Web Filtering Websense Redirect) | 627
  protocol-command | 629
  proxy (Security Antivirus) | 630
  proxy-profile | 632
  quarantine-message (Security UTM) | 633
  routing-instance (Security UTM) | 635
  sbl | 637
  sbl-default-server | 639
  scan-extension | 640
  scan-mode | 641
  scan-options (Security Antivirus Juniper Express Engine) | 643
  scan-options (Security Antivirus Kaspersky Lab Engine) | 645
  scan-options (Security Antivirus Sophos Engine) | 647
  scan-options (Security Antivirus Avira Engine) | 648
  secondary-server | 650
  server (Security Antivirus) | 652
  server (Security Sophos Engine Antivirus) | 653
  server (Security Web Filtering) | 655
  server-connectivity | 657
  session-scan | 659
  site-reputation-action | 660
  size (Security Web Filtering Cache) | 662
  smtp-profile (Security UTM Policy Antispam) | 664
  smtp-profile (Security UTM Policy Antivirus) | 665
  smtp-profile (Security UTM Policy Content Filtering) | 666
  sockets | 668
  sophos-engine | 669
  source-address | 672
  spam-action | 673
  stream | 675
  surf-control-integrated | 676
  sxl-retry | 679
  sxl-timeout | 680
  timeout (Security Antivirus Fallback Options) | 682
  timeout (Security Antivirus Fallback Options Sophos Engine) | 684
  timeout (Security Antivirus Scan Options) | 685
  timeout (Security Web Filtering) | 687
  timeout (Security Web Filtering Cache) | 688
  timeout (Security Web Filtering Fallback Settings) | 690
  too-many-requests (Security Antivirus Fallback Options) | 692
  too-many-requests (Security Antivirus Fallback Options Sophos Engine) | 694
  too-many-requests (Security Web Filtering Fallback Settings) | 696
  to-zone (Security Policies) | 698
  traceoptions (Security Antispam) | 701
  traceoptions (Security Antivirus) | 703
  traceoptions (Security Application Proxy) | 705
  traceoptions (Security Content Filtering) | 708
  traceoptions (Security UTM) | 709
  traceoptions (Security Web Filtering) | 711
  traceoptions (SMTP) | 713
  traceoptions | 715
  trickling | 716
  type (Security Antivirus Feature Profile) | 718
  type (Security Content Filtering Notification Options) | 720
  type (Security Fallback Block) | 722
  type (Security Virus Detection) | 724
  type (Security Web Filtering) | 726
  upload-profile (Security Antivirus FTP) | 728
  upload-profile (Security Content Filtering FTP) | 729
  uri-check | 730
  url (Security Antivirus) | 732
  url-blacklist | 733
  url-pattern | 735
  url-whitelist | 739
  url-whitelist | 740
  username (Security Antivirus) | 741
  utm | 743
  utm default-configuration | 754
  utm-policy | 762
  utm-policy (Application Services) | 764
  virus-detection (Security Antivirus) | 766
  web-filtering | 768
  web-filtering (Security UTM Policy) | 774
  websense-redirect | 775

8 Operational Commands
  clear security utm anti-spam statistics | 780
  clear security utm anti-virus statistics | 783
  clear security utm content-filtering statistics | 786
  clear security utm session | 790
  clear security utm web-filtering statistics | 791
  request security utm anti-virus juniper-express-engine | 794
  request security utm anti-virus kaspersky-lab-engine | 796
  request security utm anti-virus sophos-engine | 798
  request security utm anti-virus avira-engine | 800
  request security utm web-filtering category install | 803
  request security utm web-filtering category uninstall | 805
  request security utm web-filtering category download-install [version] | 806
  request security utm web-filtering category download [version] | 808
  request security utm web-filtering custom-page reload | 809
  show configuration smtp | 811
  show groups junos-defaults | 813
  show security log | 815
  show security policies | 819
  show security utm anti-spam statistics | 841
  show security utm anti-spam status | 847
  show security utm anti-virus statistics | 849
  show security utm anti-virus status | 856
  show security utm content-filtering statistics | 859
  show security utm session | 864
  show security utm status | 866
  show security utm web-filtering category base-filter | 867
  show security utm web-filtering category category | 870
  show security utm web-filtering category status | 872
  show security utm web-filtering statistics | 874
  show security utm web-filtering status | 881
  test security utm anti-spam | 884
  test security utm enhanced-web-filtering url-check | 888
  test security utm web-filtering profile | 892
About This Guide

Use this guide to configure, monitor, and manage the Unified Threat Management (UTM) features in Junos OS NFX Series and SRX Series devices to secure the network from viruses, malware, or malicious attachments and protect the users from security threats.
CHAPTER 1
Overview

UTM Overview | 2
UTM Supported Features | 6

UTM Overview

IN THIS SECTION
Unified Threat Management Overview | 2

Unified Threat Management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as antivirus, antispam, content filtering, and web filtering. UTM secures the network from viruses, malware, or malicious attachments by scanning the incoming data using Deep Packet Inspection, and prevents access to unwanted websites by installing Enhanced Web filtering. For more information, see the following topics:
Unified Threat Management Overview

IN THIS SECTION
Understanding UTM Custom Objects | 4

Unified Threat Management (UTM) is a term used to describe the consolidation of several security features into one device, protecting against multiple threat types. The advantage of UTM is streamlined installation and management of these multiple security capabilities.

The security features provided as part of the UTM solution are:
• Antispam Filtering—E-mail spam consists of unwanted e-mail messages, usually sent by commercial, malicious, or fraudulent entities. The antispam feature examines transmitted e-mail messages to identify e-mail spam. When the device detects an e-mail message deemed to be spam, it either drops the message or tags the message header or subject with a preprogrammed string. The antispam feature uses a constantly updated spam block list (SBL). Sophos updates and maintains the IP-based SBL. The antispam feature is a separately licensed subscription service.
• Content Filtering—Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type. Content filtering does not require a separate license.
• Web Filtering—Web filtering lets you manage Internet usage by preventing access to inappropriate Web content. There are three types of Web filtering solutions. With the integrated Web filtering solution, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL either from user-defined categories or from a category server (Websense provides the CPA Server). The integrated Web filtering feature is a separately licensed subscription service which is supported only on SRX Series devices. The redirect Web filtering solution intercepts HTTP requests and forwards the server URL to an external URL filtering server provided by Websense to determine whether to block or permit the requested Web access. Redirect Web filtering does not require a separate license. With Juniper Local Web Filtering, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL from user-defined categories stored on the device. With Local filtering, there is no additional Juniper license or remote category server required.
• |
S r n |
with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, on SRX1500 Services |
|||||||||||||||||
|
Gateways and vSRX instances, UTM policies, |
r |
s MIME |
|
rns |
|
n m extensions, and |
||||||||||||
|
protocol-command numbers are increased to 500; custom URL |
rns and custom URL categories |
|||||||||||||||||
|
are increased to 1000. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
• Starting with Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, SRX4100 and SRX4200 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.
• Starting with Junos OS Release 18.2R1, NFX150 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.
• Starting with Junos OS Release 18.2R1, the following commands under the [edit security utm feature-profile] hierarchy level are deprecated:
• set web-filtering type
• set web-filtering url-blacklist
• set web-filtering url-whitelist
• set web-filtering http-persist
• set web-filtering http-reassemble
• set web-filtering traceoptions
• set web-filtering juniper-enhanced cache
• set web-filtering juniper-enhanced reputation
• set web-filtering juniper-enhanced query-type
• set anti-virus mime-whitelist
• set anti-virus url-whitelist
• set anti-virus type
• set anti-virus traceoptions
• set anti-virus sophos-engine
• set anti-spam address-blacklist
• set anti-spam address-whitelist
• set anti-spam traceoptions
• set content-filtering traceoptions
• Starting with Junos OS Release 18.4R3, on SRX1500, SRX4100, SRX4200, SRX4600, SRX4800, SRX5400, SRX5600, and SRX5800 devices, UTM policies, profiles, MIME patterns, filename extensions, protocol commands, and custom messages, are increased up to 1500. Custom URL patterns and custom URL categories are increased up to 3000.
This feature requires a license. To understand more about UTM Licensing, see Understanding UTM Licensing. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets at SRX Series Services Gateways for details, or contact your Juniper Account Team or Juniper Partner.
• Antivirus—The Avira antivirus module in the unified threat management (UTM) solution consists of a virus pattern database, an application proxy, a scan manager, and a configurable scan engine. The antivirus module on the SRX Series device scans specific application layer traffic to protect the user from virus attacks and to prevent viruses from spreading.
Understanding UTM Custom Objects
Before you can configure most UTM features, you must first configure the custom objects for the feature in question. Custom objects are global parameters for UTM features. This means that configured custom objects can be applied to all UTM policies where applicable, rather than only to individual policies.
The following UTM features make use of certain custom objects:
• Web Filtering (see "Example: Configuring Integrated Web Filtering" on page 339)
• Antispam (see "Server-Based Antispam Filtering Configuration Overview" on page 93)
• Content Filtering (see "Content Filtering Configuration Overview" on page 118)
Starting in Junos OS Release 18.2R1, a new dynamic application policy match condition is added to SRX Series devices, allowing an administrator to more effectively control the behavior of Layer 7 applications. To accommodate Layer 7 application-based policies in UTM, the [edit security utm default-configuration] hierarchy level is introduced. If any parameter in a specific UTM feature profile configuration is not configured, then the corresponding parameter from the UTM default configuration is applied. Additionally, during the initial policy lookup phase which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list which contains different UTM profiles, the SRX Series device applies the default UTM profile until a more explicit match has occurred.
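The two fallback rules just described (per-parameter fallback to the UTM default configuration, and use of the default UTM profile while the dynamic application is still unidentified) as a small Python model. This is an added illustration, not Junos code: the parameter names, the DEFAULT_CONFIG contents and the profile name "utm-default" are constructed placeholders, and the real feature-profile knobs are not modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed stand-in for [edit security utm default-configuration];
# the keys are hypothetical, not real Junos parameter names.
DEFAULT_CONFIG = {
    "web-filtering": {"timeout": 15, "fallback": "log-and-permit"},
}


@dataclass
class UtmProfile:
    name: str
    # Only the parameters the administrator set explicitly; the rest are unset.
    features: Dict[str, Dict[str, object]] = field(default_factory=dict)


@dataclass
class Policy:
    name: str
    utm_profile: Optional[str]  # None means the policy carries no UTM profile


def effective_params(profile: UtmProfile, feature: str) -> Dict[str, object]:
    """Rule 1: any parameter not configured in the specific feature profile
    is taken from the UTM default configuration."""
    merged = dict(DEFAULT_CONFIG.get(feature, {}))
    merged.update(profile.features.get(feature, {}))
    return merged


def select_profile(candidates: List[Policy], app_identified: bool,
                   default_profile: str = "utm-default") -> Optional[str]:
    """Rule 2: before the dynamic application is identified, if the potential
    policy list holds policies with different UTM profiles, the default UTM
    profile applies. Once the explicit match has occurred, `candidates` is
    assumed to be narrowed to that match and its profile is used."""
    if not candidates:
        return None
    if app_identified:
        return candidates[0].utm_profile
    profiles = {p.utm_profile for p in candidates}
    if len(profiles) == 1:
        return profiles.pop()  # all candidates agree, so there is no ambiguity
    return default_profile
```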
SEE ALSO
UTM Supported Features | 6
Release History Table
Release | Description
18.4R3 | Starting with Junos OS Release 18.4R3, on SRX1500, SRX4100, SRX4200, SRX4600, SRX4800, SRX5400, SRX5600, and SRX5800 devices, UTM policies, profiles, MIME patterns, filename extensions, protocol commands, and custom messages, are increased up to 1500. Custom URL patterns and custom URL categories are increased up to 3000.
18.2R1 | Starting with Junos OS Release 18.2R1, NFX150 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.
18.2R1 | Starting with Junos OS Release 18.2R1, the following commands under the [edit security utm feature-profile] hierarchy level are deprecated:
18.2R1 | Starting in Junos OS Release 18.2R1, a new dynamic application policy match condition is added to SRX Series devices, allowing an administrator to more effectively control the behavior of Layer 7 applications. To accommodate Layer 7 application-based policies in UTM, the [edit security utm default-configuration] hierarchy level is introduced. If any parameter in a specific UTM feature profile configuration is not configured, then the corresponding parameter from the UTM default configuration is applied. Additionally, during the initial policy lookup phase which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list which contains different UTM profiles, the SRX Series device applies the default UTM profile until a more explicit match has occurred.
15.1X49-D70 | Starting with Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, SRX4100 and SRX4200 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.
15.1X49-D60 | Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, on SRX1500 Services Gateways and vSRX instances, UTM policies, profiles, MIME patterns, filename extensions, and protocol-command numbers are increased to 500; custom URL patterns and custom URL categories are increased to 1000.
RELATED DOCUMENTATION
Web Filtering Overview | 132
Antispam Filtering Overview | 90
Express Antivirus Protection | 226
UTM Supported Features
IN THIS SECTION
WELF Logging for UTM Features | 6
Explicit Proxy for UTM | 12
Unified Policies for UTM | 20
UTM Support for Chassis Cluster | 22
Allowlist | 24
WELF Logging for UTM Features
IN THIS SECTION
Understanding WELF Logging for UTM Features | 7
Example: Configuring WELF Logging for UTM Features | 8
Understanding WELF Logging for UTM Features
UTM features support the WELF standard. The WELF Reference defines the WebTrends industry standard log file exchange format. Any system logging to this format is compatible with Firewall Suite 2.0 and later, Firewall Reporting Center 1.0 and later, and Security Reporting Center 2.0 and later.
A WELF log file is composed of records. Each record is a single line in the file. Records are always in chronological order. The earliest record is the first record in the file; the most recent record is the last record in the file. WELF places no restrictions on log filenames or log file rotation policies.
NOTE: Each WELF record is composed of fields. The record identifier field (id=) must be the first field in a record. All other fields can appear in any order.
The following is a sample WELF record:
id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 proto=http
src=192.168.0.23 dst=6.1.0.36 rg=www.example.com/index.html op=GET
result=0
rcvd=1426
The fields from the example WELF record include the following required elements (all other fields are optional):
• id (Record identifier)
• time (Time stamp)
• fw (Firewall IP address or name)
• pri (Priority of the record)
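A parser for records in this format, written as an added example (not part of the guide or of any Juniper tool), that enforces the constraints stated above: id= must be the first field, id/time/fw/pri must be present, all other fields are optional and may appear in any order, and a file's records must be chronological. The sample record is constructed to match the one shown in the guide; quoted values such as time="..." may contain spaces.

```python
import re
from typing import Dict, List

# Constructed sample, same shape as the record shown in the guide.
SAMPLE_RECORD = (
    'id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 '
    'proto=http src=192.168.0.23 dst=6.1.0.36 rg=www.example.com/index.html '
    'op=GET result=0 rcvd=1426'
)

# The guide lists these four fields as required; every other field is optional.
REQUIRED_FIELDS = ("id", "time", "fw", "pri")

# key=value pairs: the value is either double-quoted (may contain spaces) or bare.
_FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_welf_record(line: str) -> Dict[str, str]:
    """Parse one WELF record (one line) into a dict and validate it.
    Raises ValueError if id= is not first, a field repeats, or a required
    field is missing."""
    fields: Dict[str, str] = {}
    first_key = None
    for match in _FIELD_RE.finditer(line.strip()):
        key, value = match.group(1), match.group(2)
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]  # drop the surrounding quotes
        if first_key is None:
            first_key = key
        if key in fields:
            raise ValueError(f"duplicate field {key!r}")
        fields[key] = value
    if first_key != "id":
        raise ValueError("record identifier (id=) must be the first field")
    missing = [f for f in REQUIRED_FIELDS if f not in fields]
    if missing:
        raise ValueError("missing required field(s): " + ", ".join(missing))
    return fields


def is_chronological(records: List[Dict[str, str]]) -> bool:
    """WELF files are chronological: check that the time field never goes
    backwards. Times are assumed to use the "YYYY-M-D HH:MM:SS" form of the
    sample record and are normalised to integer tuples before comparison."""
    def key(ts: str):
        date, clock = ts.split()
        return tuple(int(p) for p in date.split("-")) + tuple(int(p) for p in clock.split(":"))
    times = [key(r["time"]) for r in records]
    return all(a <= b for a, b in zip(times, times[1:]))
```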