Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Create a Default UTM Configuration

You can define the default parameters for security features in unified threat management (UTM). You can configure the parameters for the following:

Procedure

To create a default UTM configuration:

  1. Select Configure > UTM Policy > Default Configuration.
  2. Click + icon.

    The Create Default Configuration page is displayed.

  3. Complete the configuration according to the guidelines provided in Table 229.
  4. Click Finish.

    The configuration summary is displayed.

  5. Click OK.

    The default UTM configuration is created and assigned to the selected device(s).

Table 229: Default UTM Configuration Settings

Field

Description

General
General Information

Name

Enter the name of the default configuration.

Description

Enter a description for the default configuration. The maximum length is 255 characters.

Device

Select the devices(s) on which you want to assign default configuration. Devices with Junos OS Release 18.2 onward are listed here.

Web Filtering
Web Filtering Profiles by Traffic Protocol

HTTP Persist

Enable to configure the web-filtering engine type.

HTTP Reassemble

Enable to specify a unique customized list of all URLs or IP addresses for a given category that are bypassed for scanning.

Type

Select a web-filtering engine type.

  • Web-filter None—If you select this option for the first time, the type in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for type is deleted from the device.

  • Juniper Enhanced—Select this option to enable enhanced Web filtering on the device.

  • Juniper Local—Select this option to enable Juniper Networks local URL filtering on the device.

  • Websense Redirect—Select this option to redirect the URL to the Websense server.

URL Blacklist

Select the URL blocklist category to block the URLs in that category. To create a new URL blocklist category, click Create New URL Category.

A Web filtering profile can contain one allowlist or one blocklist with multiple user-defined categories each with a permit or block action.

URL Whitelist

Select the URL allowlist category to bypass all the URLs in that category. To create a new URL allowlist category, click Create New URL Category. With local Web filtering, the firewall intercepts every HTTP request in a TCP connection and extracts the URL.

A Web filtering profile can contain one allowlist or one blocklist with multiple user-defined categories each with a permit or block action.

Global

Base Filter

This field is applicable only when the Web Filtering Profile type is Juniper Enhanced.

When a URL category version is downloaded, a predefined base filter with default actions are also downloaded. All categories have default actions in a base filter. The base filter can be attached to user profile, which acts like a backup filter. The base filter takes action for the categories that are not configured in a user profile.

Select a predefined base filter, which has default actions for all categories, for Web filtering.

Account

This field is applicable only when the Web Filtering Profile type is Websense Redirect.

Enter the websense redirect account.

Custom Block Message

Specify a custom message to be displayed when HTTP requests are blocked.

Note: If a message begins with http: or https:, the message is considered a block message URL. Messages that begin with values other than http: or https: are considered custom block messages.

Default Action

This is applicable only when the Web Filtering Profile type is Juniper Enhanced or Juniper Local.

Select a default action for the profile for requests that experience internal errors in the web filtering module.

Select a default action.

  • None—If you select this option for the first time, the default action in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for default action is deleted from the device.

  • Permit—Permit the traffic.

  • Log and Permit—Log the error and permit the traffic.

  • Block—Log the error and deny the traffic.

  • Quarantine—Quarantine the traffic.

Safe Search

This option is applicable only when the Web Filtering Profile type is Juniper Enhanced.

Select a safe search solution to ensure that the embedded objects such as images on the URLs received from the search engines are safe and that no undesirable content is returned to the client.

Note: Safe search redirect supports HTTP only. You cannot extract the URL for HTTPS. Therefore, it is not possible to generate a redirect response for HTTPS search URLs. Safe search redirects can be disabled by clearing the Safe Search check box.

Quarantine Custom Message

Enter the quarantine custom message.

Sockets

This is applicable only when the Web Filtering Profile type is Websense Redirect.

Enter the number of sockets used for communicating between the client and server.

The range is 1 to 32.

Timeout

Select a timeout interval from 1 to 1800 seconds.

Cache

This section is applicable only when the Web Filtering Profile type is Juniper Enhanced.

Size

Specify a Juniper enhanced cache size. Select a cache size from 0 to 4096 Killobytes.

Timeout

Specify Juniper enhanced cache timeout. Select a timeout interval from 1 to 1800 minutes.

Block Message

Type

Select the type of block message.

  • None—If you select this option for the first time, the type in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for type is deleted from the device.

  • Custom Redirect URL- Configure a URL that redirects unauthenticated hosts to a central Web authentication (CWA) server.

URL

Enter URL of the block messages.

Fallback Settings

The fallback options are used when the web filtering system experiences errors and must fallback to one of the previously configured actions to either deny (block) or permit the object.

If you select None for the first time, the field in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for the fields is deleted from the device.

Default

Specifies all errors other than the categorized settings. These could include either unhandled system exceptions (internal errors) or other unknown errors. Select an action: None, Block, or Log and permit.

Server Connectivity

Specifies that the server connection is not established during certain processes. Select an action: None, Block, or Log and permit.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the Web filtering profile, the processing is terminated and the content is passed or blocked without completing filtering. Select an action: None, Block, or Log and permit.

Too-many-requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. Select an action: None, Block, or Log and permit.

URL Categories
 

Select an URL category.

A URL category is a list of URL patterns grouped under a single title so a single action that applies to all URL patterns can be performed on the list.

Click the + icon to select one or more URL categories, an action, and a redirect profile. A redirect profile is applicable only for block and quarantine actions. You can create a new redirect profile by clicking Create New Redirect Profile. The created redirect profile is displayed in the Redirect Profile drop-down list. The following actions are available:

  • Log and Permit—Create a list of URL patterns that are logged, then permitted

  • Block—Create a list of URL patterns that are denied access.

  • Quarantine—Create a list of URL patterns that are quarantined.

  • Permit—Create a list of URL patterns that are permitted.

Edit the action or redirect profile by clicking Apply Actions and updating the action and redirect profile.

Delete the URL category by selecting the URL category and clicking the X icon.

Quarantine Message

Type

Select a type of quarantine message.

  • None—If you select None for the first time, the type in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for type is deleted from the device.

  • Custom Redirect URL—Configure a URL that redirects unauthenticated hosts to a central Web authentication (CWA) server.

URL

Enter a valid URL.

Server

This section is applicable only when the Web Filtering Profile type is Juniper Enhanced or Websense Redirect.

Host

Enter the address of the host server.

Port

Enter the port number of the server.

Site Reputation Action

Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized.

This section is applicable only when the Web Filtering Profile type is Juniper Enhanced.

If you select None for the first time, the field in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for the field is deleted from the device.

Fairly Safe

Permit, log and permit, block, or quarantine a request if a site-reputation of 70 through 79 is returned.

Harmful

Permit, log and permit, block, or quarantine a request if a site-reputation of zero through 59 is returned.

Moderately safe

Permit, log and permit, block, or quarantine a request if a site-reputation of 80 through 89 is returned.

Suspicious

Permit, log and permit, block, or quarantine a request if a site-reputation of 60 through 69 is returned.

Very Safe

Permit, log and permit, block, or quarantine a request if a site-reputation of 90 through 100 is returned.

Reset

Click Reset to position the slider to the recommended levels.

Antivirus
Antivirus Profiles by Traffic Protocol

Type

Select the anti-virus engine that will be used on the device. Select an engine type:

  • Anti-Virus None—If you select None for the first time, the type in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for type is deleted from the device.

  • Sophos Engine—Sophos antivirus is an in-the-cloud antivirus solution. The virus and malware database is located on external servers maintained by Sophos (Sophos Extensible List) servers, thus there is no need to download and maintain large pattern databases on the Juniper Networks device.

  • Avira Engine—This provides a full file-based virus scanning function which is available through a licensed subscription service.

URL Whitelist

Select a unique customized list of all URLs for a given category that are bypassed for scanning.

To create a URL category, see Creating Custom URL Category Lists.

MIME Whitelist

Enter MIME types to create MIME bypass lists and exception lists. The device uses MIME types to decide which traffic may bypass antivirus scanning. The MIME allowlist defines a list of MIME types and can contain one or many MIME entries.

MIME Block List

Enter the special MIME types you want to block over HTTP, FTP, SMTP, and POP3 connections. Use commas to separate each MIME type.

MIME Permit List

Enter the special MIME types you want to permit over HTTP, FTP, SMTP, and POP3 connections. Use commas to separate each MIME type.

Scan Options

URI Check

Select the check-box to enable URI check. It specifies Uniform Resource Identifier blocking: an effective measure for preventing malware from reaching the endpoint. URI lookup is performed against an in-the-cloud malicious/infected URI database on each URI requested via HTTP.

Content Size Limit

Specifies the accumulated TCP payload size. Enter the content size limit value from 20 to 40,000 kilobytes.

Decompress Layer Limit

Specifies the number of layers of nested compressed files and files with internal extractable objects, such as archive files (tar), the internal antivirus scanner can decompress before it executes the virus scan.

Select a value between 0 to 10.

Timeout

Specifies the time frame from when the scan request is generated to when the scan result is returned by the scan engine.

Enter the time interval from 1 to 1800 seconds.

Pre Detection

Enable or disable the anti-virus pre-detection.

Sophos Engine
General Settings

Timeout

Specify the antivirus engine timeout. Select a value from 1 to 5 seconds.

Retry

Specifies the number of times to retry the Sophos antivirus engine query. Select the number of retry value from 0 to 5.

Server

Server IP

Specify the DNS Server IP. Enter a valid DNS server IP address.

Pattern Update

URL

Specifies the URL of the database server. Enter the URL for the pattern database.

Interval

Specifies the interval at which the database server is queried for a new version of the database. Enter the time interval for automatically updating the pattern database. The range is from 10 to 10080 seconds. The default interval is 60 seconds.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Email Notify

Admin Email

Enter a valid admin e-mail ID to notify about the pattern file update.

Custom Message Subject

Specify the custom message subject for notification. Enter the subject of the custom message.

Custom Message

Enter the custom message for notification.

Proxy

Proxy Server

Enter the IP address or hostname of the proxy server.

Port

Select the proxy server port. Port range is from 0 to 65535

Username

Enter the username of the proxy server.

Password

Enter the password for proxy server. It consists of up to 32 characters.

Confirm password

Re-enter the password to verify the login password for the proxy server.

Fallback Settings

Default

Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. Select None, Block, Log and Permit, or Permit action.

Content Size

Specifies that if the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. Select None, Block, Log and Permit, or Permit action.

Engine-not-ready

Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. Select None, Block, Log and Permit, or Permit action.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is terminated and the content is passed or blocked without completing the virus checking. Select None, Block, Log and Permit, or Permit action.

Out-of-resources

Specifies the resource constraints error received during virus scanning. This error can be sent by the scan engine (as a scan-code) or scan manager. When the system is out of resources occurs, scanning is terminated. Select None, Block, Log and Permit, or Permit action.

Too-many-requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. Select None, Block, Log and Permit, or Permit action.

Trickling

Trickling Timeout

Specifies the mechanism used to prevent the HTTP client or server from timing-out during a file transfer or during antivirus scanning.

Enter the trickling timeout interval from 0 to 600 seconds.

Virus Detection

Type

Specifies the type of notification to be sent when a virus is detected. Select Protocol Only or Message options.

  • None—If you select None for the first time, the type in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for type is deleted from the device.

  • Message—Send a generic notification.

  • Protocol-only—Send a protocol-specific notification.

Notify Mail Sender

Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected. Enable to send a notification and disable to not send a notification.

Custom Message Subject

Specifies the subject line text for your custom message for the virus detection notification. Enter the subject line text for your custom message.

Custom Message

Specifies the customized message text for the virus detection notification. Enter the text for the custom notification message.

Fallback Block

Type

Specifies the type of notification sent when a fallback option of block is triggered. Select Protocol Only or Message options.

  • Message-Send a generic notification.

  • Protocol-only—Send a protocol-specific notification.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator. Enable this option.

Custom Message Subject

Specifies the subject line text for your custom message for the fallback block notification. Enter the subject line text for your custom message.

Custom Message

Specifies the customized message text for the fallback block notification. Enter the text for this custom notification message.

Fallback Non Block

Notify Mail Recipient

Specifies that the fallback nonblock notification is sent when a fallback e-mail option without a blocking action is triggered. Enable the option.

Custom Message Subject

Specifies the subject line for your custom message for the fallback nonblock notification. Enter the subject line text for your custom message.

Custom Message

Specifies the customized message text for the fallback nonblock notification. Enter the text for this custom notification message.

Avira Engine

The scan engine, Avira, scans the data by accessing the virus pattern database. It provides a full file-based anitvirus scanning function that is available through a separately licensed subscription service. When your antivirus license key expires, you can continue to use the locally stored antivirus signatures without any updates. If you delete the local database, then antivirus scanning is also disabled.

You can download and install the antivirus scan engine on your SRX Series device either manually or by using the Internet to connect to a Juniper Networks-hosted URL or a user-hosted URL. The virus pattern database is located at https://update.juniper-updates.net/avira. By default, the pattern updates are downloaded through the SRX Series devices.

After configuring Avira as the antivirus type, reboot the device for the new scan engine to take effect.

On Box AV Load Flavor

Type

The on-device antivirus scan engine scans the data by accessing the virus pattern database. Select the on-box Antivirus traffic load type.

Pattern Update

URL

Specifies the URL of the database server. Enter the URL for the pattern database.

Interval

Specifies the interval at which the database server is queried for a new version of the database. Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Start Time

Specifies the time when the device automatically starts downloading the updated signature database from the specified URL. Enter a value in the format: YYYY-MM-DD.HH:MM:SS

Email Notify

Admin Email

Enter a valid administrator e-mail ID for notifying about the pattern file update.

Custom Message Subject

Specify the custom message subject for notification. Enter the subject of the custom message.

Custom Message

Enter the custom message for notification.

Antispam
Antispam Profiles by Traffic Protocol

Address Whitelist

Select an address allowlist for local spam filtering. allowlists include addresses that you want to exclude from undergoing antispam processing. These lists are configured as custom objects. To create a list of URLs for allowlist, see Creating URL Patterns.

Note: When both the allowlist and blocklist are in use, the allowlist is checked first. If there is no match, then the blocklist is checked.

Address Blacklist

Specifies a list of MIME types to be excluded from the allowlist. These lists are configured as custom objects. To create a list of URLs for blocklist, see Creating URL Patterns.

Note: When both the allowlist and blocklist are in use, the allowlist is checked first. If there is no match, then the blocklist is checked.

Type

Specify the antispam type.

  • Anti-spam None—If you select None for the first time, the type in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for type is deleted from the device.

  • Anti-spam Sophos sbl—Select this option to use a third-party server-based spam block list (SBL).

Sophos Blacklist

Select this option to use server-based spam filtering. Un-select the check box to use, local spam filtering.

Server-based antispam filtering requires Internet connectivity with the spam block list (SBL) server. Domain Name Service (DNS) is required to access the SBL server. The firewall performs SBL lookups through the DNS protocol.

Note: Server-based spam filtering supports only IP-based spam block list blocklist lookup. Sophos updates and maintains the IP-based spam block list. Server-based antispam filtering is a separately licensed subscription service.

Action

Default Action

Select a default antispam action that the device should take when it detects spam.

  • None—If you select None for the first time, the default action in the CLI configuration is ignored. If you modify any other value to None, then existing CLI configuration for default action is deleted from the device.

  • Block e-mail—Block the spam e-mail.

  • Tag header of e-mail—Add the custom string to the e-mail header.

  • Tag subject of e-mail—Add the custom string at the beginning of the subject of an e-mail.

Custom Tag

Enter a custom string for identifying a message as spam. Maximum length is 512 characters. By default, the device uses ***SPAM***.

Content Filtering
Content Filtering Profiles by Traffic Protocol

Command Block List

Enter the protocol commands to be blocked. Use commas to separate each command.

Use content filtering to block specific commands for HTTP, FTP, SMTP, IMAP, and POP3 protocols.

Command Permit List

Enter the protocol commands to be permitted. Use commas to separate each command.

Use content filtering to block specific commands for HTTP, FTP, SMTP, IMAP, and POP3 protocols.

Type

Select the content filtering type. The options are Content-Filtering None and Content filtering local.

Block Content Type

Select types of harmful HTTP content you want to block that the MIME type or file extension cannot control.

  • Active X

  • Windows executables (.exe)

  • HTTP cookie

  • Java applet

  • ZIP files

Extension Block List

Enter the file extensions that you want to block over HTTP, FTP, SMTP, IMAP, and POP3 connections. Use only commas to separate values and the maximum allowed characters for each value is 29 characters. Do not use spaces to separate values. For example: exe,pdf,js

MIME Block List

Enter the special MIME types you want to block over HTTP, FTP, SMTP, and POP3 connections. Use commas to separate each MIME type.

MIME Permit List

Enter the special MIME types you wish to permit over HTTP, FTP, SMTP, and POP3 connections. Use commas to separate each MIME type.

Notification Options

Notify Mail Sender

Select the check box to notify sender when a content block is triggered.

Notification Type

Specifies the type of notification sent when a content block is triggered. Select Protocol or Message.

  • Message—Send a generic notification.

  • Protocol-only—Send a protocol-specific notification.

Custom Notification Message

Specifies the customized message text for the content-block notification. Enter the text for the custom notification message. Maximum length is 512 characters.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit