Use the Unified Threat Management (UTM) policy page to configure device profiles.
The device profile is used to configure UTM global options for a device. The device profile refers to the antispam, antivirus, and Web filtering profiles.
Read the UTM Overview topic.
Decide which kind of filtering you want for the UTM policy: Web filtering, antispam, antivirus, content filtering, or device.
Review the device profile main page for an understanding of your current data set. See Device Profiles Main Page Fields for field descriptions.
Note: When you configure the MIME whitelist feature, be aware that, because header information in HTTP traffic can be spoofed, you cannot always trust HTTP headers to be legitimate. When a Web browser is determining the appropriate action for a given file type, it detects the file type without checking the MIME header contents. However, the MIME whitelist feature does refer to the MIME encoding in the HTTP header. For these reasons, it is possible in certain cases for a malicious website to provide an invalid HTTP header. For example, a network administrator might inadvertently add a malicious website to a MIME whitelist, and, because the site is in the whitelist, it will not be blocked by Sophos even though Sophos has identified the site as malicious in its database. Internal hosts would then be able to reach this site and could become infected.
Configuring Device Profile Settings
To create a device profile:
Select Configure > UTM Policy > Device Profiles.
Click Create.
Complete the configuration according to the guidelines provided in Table 1.
Click Finish.
Table 217: Device Profile Settings
Setting | Guideline |
|---|---|
General Information | |
Name | Enter a unique name for the device profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters. |
Description | Enter a description for the device profile; maximum length is 255 characters. |
Devices | Assign a device or devices to a profile by selecting the device or devices in the Available column and moving them to the Selected column. Note: If a device is already assigned to a profile, it will not be listed in the Available column. |
Antispam Profile | |
Address Whitelist | Select an address whitelist for local spam filtering. Whitelists include addresses that you want to exclude from undergoing antispam processing. (These lists are configured as custom objects.) Note: When both the whitelist and blacklist are in use, the whitelist is checked first. If there is no match, then the blacklist is checked. A |
Address Blacklist | Select an address blacklist for local spam filtering. Blacklists include addresses that you want to exclude. (These lists are configured as custom objects.) Note: When both the whitelist and blacklist are in use, the whitelist is checked first. If there is no match, then the blacklist is checked. |
Antivirus Profile | |
MIME Whitelist | Enter MIME types to create MIME bypass lists and exception lists. The device uses MIME types to decide which traffic may bypass antivirus scanning. The MIME whitelist defines a list of MIME types and can contain one or many MIME entries. You can use your own custom object lists, or you can use the default list that ships with the device called junos-default-bypass-mime. The following limitations apply:
|
Exception MIME Whitelist | Enter MIME types to create an exception MIME whitelist that excludes some MIME types from the MIME whitelist. This list is a subset of MIME types found in the MIME whitelist. For example, if the MIME whitelist includes the entry, video/ and the exception list includes the entry video/x-shockwave-flash, by using these two lists, you can bypass objects with “video/” MIME type but not bypass “video/x-shockwave-flash” MIME type. |
URL Whitelist | Enter URLs or IP addresses to create a list of websites that are always bypassed for scanning. Because antivirus scanning is a CPU and memory intensive action, if there are URLs and IP addresses that you are confident do not require scanning, you might want to create this custom list and add them to it. |
Web Filtering Profile | |
URL Whitelist | Enter URLs to create a whitelist of websites that are always permitted. With local Web filtering, the firewall intercepts every HTTP request in a TCP connection and extracts the URL. The decision is done on the device after it looks up a URL to determine if it is in the whitelist or blacklist based on its user-defined category. Note: A Web filtering profile can contain one whitelist or one blacklist with multiple user-defined categories each with a permit or block action. |
URL Blacklist | Enter URLs to create a blacklist of websites that are always blocked. Note: A Web filtering profile can contain one whitelist or one blacklist with multiple user-defined categories each with a permit or block action. |
Site Reputation | Choose a reputation level. An action will be taken based on the reputation level returned for all types of URLs, whether categorized or uncategorized. |
© 2018 Juniper Networks, Inc. All rights reserved