
Creating Device Profiles

 

Use the Unified Threat Management (UTM) policy page to configure device profiles.

The device profile is used to configure UTM global options for a device. The device profile refers to the antispam, antivirus, and Web filtering profiles.

Before You Begin

  • Read the UTM Overview topic.

  • Decide which kind of filtering you want for the UTM policy: Web filtering, antispam, antivirus, content filtering, or device.

  • Review the device profile main page for an understanding of your current data set. See Device Profiles Main Page Fields for field descriptions.

Warning

When you configure the MIME allowlist feature, be aware that, because header information in HTTP traffic can be spoofed, you cannot always trust HTTP headers to be legitimate. When a Web browser is determining the appropriate action for a given file type, it detects the file type without checking the MIME header contents. However, the MIME allowlist feature does refer to the MIME encoding in the HTTP header. For these reasons, it is possible in certain cases for a malicious website to provide an invalid HTTP header. For example, a network administrator might inadvertently add a malicious website to a MIME allowlist, and, because the site is in the allowlist, it will not be blocked by Sophos even though Sophos has identified the site as malicious in its database. Internal hosts would then be able to reach this site and could become infected.

To create a device profile:

  1. Select Configure > UTM Policy > Device Profiles.
  2. Click Create.
  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click Finish.

Table 1: Device Profile Settings

Setting

Guideline

General Information

Name

Enter a unique name for the device profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters.

Description

Enter a description for the device profile; maximum length is 255 characters.

Devices

Assign a device or devices to a profile by selecting the device or devices in the Available column and moving them to the Selected column.

Note: If a device is already assigned to a profile, it will not be listed in the Available column.

Antispam Profile

Address Allowlist

Select an address allowlist for local spam filtering. Allowlists include addresses that you want to exclude from antispam processing. (These lists are configured as custom objects.)

Note: When both the allowlist and blocklist are in use, the allowlist is checked first. If there is no match, then the blocklist is checked.

Address Blocklist

Select an address blocklist for local spam filtering. Blocklists include addresses that you want to exclude. (These lists are configured as custom objects.)

Note: When both the allowlist and blocklist are in use, the allowlist is checked first. If there is no match, then the blocklist is checked.

Antivirus Profile

MIME Allowlist

Enter MIME types to create MIME bypass lists and exception lists. The device uses MIME types to decide which traffic may bypass antivirus scanning. The MIME allowlist defines a list of MIME types and can contain one or many MIME entries. You can use your own custom object lists, or you can use the default list that ships with the device called junos-default-bypass-mime.

The following limitations apply:

  • The maximum number of MIME items in a MIME list is 50.

  • The maximum length of each MIME entry is restricted to 40 bytes.

  • The maximum length of a MIME list name string is restricted to 40 bytes.

Exception MIME Allowlist

Enter MIME types to create an exception MIME allowlist that excludes some MIME types from the MIME allowlist. This list is a subset of MIME types found in the MIME allowlist.

For example, if the MIME allowlist includes the entry video/ and the exception list includes the entry video/x-shockwave-flash, then by using these two lists you can bypass objects with the “video/” MIME type but not objects with the “video/x-shockwave-flash” MIME type.

URL Allowlist

Enter URLs or IP addresses to create a list of websites that are always bypassed for scanning.

Because antivirus scanning is a CPU- and memory-intensive action, if there are URLs and IP addresses that you are confident do not require scanning, you might want to create this custom list and add them to it.

Web Filtering Profile

URL Allowlist

Enter URLs to create an allowlist of websites that are always permitted. With local Web filtering, the firewall intercepts every HTTP request in a TCP connection and extracts the URL. The decision is made on the device after it looks up the URL to determine whether it is in the allowlist or blocklist, based on its user-defined category.

Note: A Web filtering profile can contain one allowlist or one blocklist with multiple user-defined categories each with a permit or block action.

URL Blocklist

Enter URLs to create a blocklist of websites that are always blocked.

Note: A Web filtering profile can contain one allowlist or one blocklist with multiple user-defined categories each with a permit or block action.

Site Reputation

Choose a reputation level. An action will be taken based on the reputation level returned for all types of URLs, whether categorized or uncategorized.
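
The interaction between the MIME Allowlist and the Exception MIME Allowlist in Table 1, together with the documented list limits, modeled in Python as an added example (not Juniper code). It assumes prefix matching, case-insensitive comparison, and that Content-Type parameters are ignored; the function names and sample lists are hypothetical.

```python
# Added example: models the MIME allowlist / exception list behaviour from Table 1.
MAX_ITEMS = 50        # documented: at most 50 MIME items per list
MAX_ENTRY_BYTES = 40  # documented: each MIME entry at most 40 bytes
MAX_NAME_BYTES = 40   # documented: list name at most 40 bytes


def normalize(mime):
    """Lower-case and drop parameters such as '; charset=utf-8' (assumed)."""
    return mime.split(";", 1)[0].strip().lower()


def audit_lists(name, allowlist, exceptions):
    """Return a list of problems found in a proposed allowlist/exception pair."""
    problems = []
    if len(name.encode()) > MAX_NAME_BYTES:
        problems.append(f"list name exceeds {MAX_NAME_BYTES} bytes: {name}")
    for label, entries in (("allowlist", allowlist), ("exception", exceptions)):
        if len(entries) > MAX_ITEMS:
            problems.append(f"{label} has {len(entries)} items (max {MAX_ITEMS})")
        for e in entries:
            if len(e.encode()) > MAX_ENTRY_BYTES:
                problems.append(f"{label} entry exceeds {MAX_ENTRY_BYTES} bytes: {e}")
    allowed = [normalize(a) for a in allowlist]
    for e in exceptions:
        # An exception only has an effect if some allowlist entry covers it.
        if not any(normalize(e).startswith(a) for a in allowed):
            problems.append(f"exception not covered by allowlist: {e}")
    return problems


def bypasses_scan(content_type, allowlist, exceptions):
    """True if the declared Content-Type would skip antivirus scanning.

    Only the header value is consulted, never the file content, so the
    decision is only as trustworthy as the server that sent the header.
    """
    ct = normalize(content_type)
    if any(ct.startswith(normalize(e)) for e in exceptions):
        return False  # exception list wins: the object is scanned
    return any(ct.startswith(normalize(a)) for a in allowlist)


# Constructed sample lists built around the page's own video/ example.
ALLOW = ["video/", "audio/"]
EXCEPT = ["video/x-shockwave-flash", "application/x-msdownload"]
```

Running `audit_lists` on a proposed pair before committing it catches exception entries that no allowlist entry covers, which usually indicates a typo or a misunderstanding of which list is doing the bypassing.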