utm default-configuration
语法
utm { default-configuration { anti-spam { address-blacklist; address-whitelist; sbl { custom-tag-string; (sbl-default-server | no-sbl-default-server); spam-action (block | tag-header | tag-subject); } traceoptions { flag name; } type (anti-spam-none | sbl); } anti-virus { mime-whitelist { exception; list; } sophos-engine { fallback-options { content-size (block | log-and-permit | permit); default (block | log-and-permit | permit); engine-not-ready (block | log-and-permit | permit); out-of-resources (block | log-and-permit | permit); timeout (block | log-and-permit | permit); too-many-requests (block | log-and-permit | permit); } forwarding-mode { hold; inline-tap; } notification-options { fallback-block { custom-message; custom-message-subject; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } fallback-non-block { custom-message; custom-message-subject; (notify-mail-recipient | no-notify-mail-recipient); } virus-detection { custom-message; custom-message-subject; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } } pattern-update { email-notify { admin-email; custom-message; custom-message-subject; } interval; no-autoupdate; proxy { password; port; server; username; } routing-instance; url; } scan-options { content-size-limit; timeout seconds; (uri-check | no-uri-check); } server { ip; routing-instance; } sxl-retry; sxl-timeout seconds; trickling timeout; } traceoptions { flag name; } url-whitelist; } content-filtering { block-command; block-content-type { activex; exe; http-cookie; java-applet; zip; } block-extension; block-mime { exception; list; } notification-options { custom-message; (notify-mail-sender | no-notify-mail-sender); seclog; type (message | protocol-only); } permit-command; traceoptions { flag name; } rule-set rule-set-name { /* New provision to add to default rules */ rule rule-name { } } type (content-filtering-none | local); } web-filtering { http-persist; http-reassemble; juniper-enhanced { base-filter; block-message { type custom-redirect-url; url; } cache { size kilobytes; timeout minutes; } category name { action (block | log-and-permit | permit | quarantine); custom-message; } custom-block-message; default (block | log-and-permit | permit | quarantine); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } no-safe-search; quarantine-custom-message; quarantine-message { type custom-redirect-url; url; } reputation { reputation-fairly-safe; reputation-moderately-safe; reputation-suspicious; reputation-very-safe; } server { host; port; routing-instance; } site-reputation-action { fairly-safe (block | log-and-permit | permit | quarantine); harmful (block | log-and-permit | permit | quarantine); moderately-safe (block | log-and-permit | permit | quarantine); suspicious (block | log-and-permit | permit | quarantine); very-safe (block | log-and-permit | permit | quarantine); } timeout seconds; } juniper-local { block-message { type custom-redirect-url; url; } category name { action (block | log-and-permit | permit | quarantine); custom-message; } custom-block-message; default (block | log-and-permit | permit); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } quarantine-custom-message; quarantine-message { type custom-redirect-url; url; } timeout seconds; } traceoptions { flag name; } url-blacklist; url-whitelist; websense-redirect { account; block-message { type custom-redirect-url; url; } category name { action (block | log-and-permit | permit | quarantine); custom-message; } custom-block-message; fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } quarantine-custom-message; quarantine-message { type custom-redirect-url; url; } server { host; port; routing-instance; } sockets; timeout seconds; } } } application-proxy; custom-objects; feature-profile; traceoptions; utm-policy junos-default-utm-policy; } }
层次结构级别
[edit security utm]
描述
内容安全默认配置用于两种方案。
Content Security default configuration for unified policies- 对于在未定义自定义内容安全策略的情况下启用内容安全的安全策略,将使用默认内容安全策略。
Content Security default configuration for existing Content Security policies- 对于启用了内容安全策略的现有安全策略,将不会使用默认内容安全策略。
选项
default-configuration |
全局默认内容安全配置。 |
anti-spam |
为反垃圾邮件功能配置文件配置默认内容安全配置。 |
anti-virus |
配置防病毒功能配置文件的默认内容安全配置。 |
content-filtering |
为内容筛选功能配置文件配置默认内容安全配置。 |
web-filtering |
配置 Web 筛选功能配置文件的默认内容安全配置。 |
utm-policy |
为防病毒、反垃圾邮件、内容过滤、流量选项和 Web 过滤协议配置内容安全策略,并将此策略附加到安全配置文件以进行实施。 |
traceoptions |
定义内容安全功能的跟踪操作。 |
feature-profile |
通过创建功能配置文件来配置内容安全功能、防病毒、反垃圾邮件、内容筛选和 Web 筛选。 |
application-proxy |
应用程序代理设置。 |
custom-objects |
在配置内容安全功能配置文件功能之前配置自定义对象。当自定义类别与其中一个预定义类别具有相同的名称时,它不会优先于预定义类别。不建议自定义类别名称与预定义类别名称相同。 |
其余语句将单独解释。请参阅 CLI 资源管理器。
所需权限级别
安全性 - 在配置中查看此语句。
安全控制 — 将此语句添加到配置中。
发布信息
从 Junos OS 21.4R1 版开始,可以从层次结构使用[edit security utm default-configuration content-filtering
在层次结构级别下[edit security utm utm-policy <utm-policy-name> content-filtering]
引入的规则集和规则配置。
不支持基于 MIME 类型、内容类型和协议命令的内容筛选选项。升级到 Junos OS 21.4R1 版后,层次结构下 [edit security utm utm-policy <utm-policy-name> content-filtering]
以前存在的基于文件扩展名的内容过滤选项将不再可用于配置。
Junos OS 21.4R1 版允许您在不想迁移到旧版功能时使用旧版功能。您将被允许使用旧版配置,但所有旧版配置旋钮都将弃用并隐藏。此外,当您使用所有已弃用的旧版旋钮时,您将收到系统日志和错误消息警告。
Junos OS 18.2R1 版中引入的语句。