The Default Configuration page describes the security features of Unified Threat Management (UTM).
This default configuration is used if there are multiple UTM policies present in the potential list. The global configuration is used until an exact match is found in the potential list.
The following security features are part of the UTM default configuration:
Sophos Antivirus—Sophos antivirus is an in-the-cloud antivirus solution. The virus pattern and malware database is located on external servers maintained by Sophos (Sophos Extensible List servers).
Web filtering—Web filtering lets you manage Internet usage by preventing access to inappropriate Web content.
Antispam—This feature examines transmitted messages to identify any e-mail spam.
Content filtering—This feature blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type.
The Default Configuration page appears. Table 202 explains the contents of this page.
Anti-Virus—Select this tab to view or create anti-virus configuration. Enter information as specified in Table 203.
Web Filtering—Select this tab to view or create the web filtering configuration. Enter information as specified in Table 203.
Anti-Spam—Select this tab to view or create the anti-spam configuration. Enter information as specified in Table 203.
Content-Filtering—Select this tab to view or create the content filtering configuration. Enter information as specified in Table 203.
Click the Commit icon at the top of the J-Web page. The following commit options are displayed.
Commit—Commits the configuration and returns to the main configuration page.
Compare—Enables you to see the configuration changes that you have performed in the Show Pending Changes.
Discard—Discards the configuration changes you performed in J-Web.
Preferences—There are two tabs:
Commit preferences—You can choose to just validate or validate and commit the changes.
Confirm commit timeout (in min)—You can select the timeout interval.
Table 202: Default Configuration main page
| Field | Function |
|---|---|
Anti-Virus | Displays the configured antivirus. You can also configure an antivirus. |
Web Filtering | Displays the configured web filtering. You can also configure a web filtering. |
Anti-Spam | Displays the configured antispam. You can also configure an anti-spam. |
Content-Filtering | Displays the configured content filtering. You can also configure a content filtering. |
Table 203: Default configuration option page
| Field | Function | Action |
|---|---|---|
| Create antivirus | ||
Type | Displays the anti-virus engine type. | Select the required engine type: |
URL Whitelist | Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning. | Select the customized object from the list. |
| MIME Whitelist | ||
list | Specifies the comprehensive list of MIME types that can bypass antivirus scanning. | Select the customized object from the list. |
Exception | Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist. | Select the customized object from the list. |
| Sophos Engine options | ||
| General Settings | ||
Timeout | Specify the Sophos antivirus engine timeout. | Select a time in the range of 1 to 5 seconds. |
Retry | Specify the number of times to retry the Sophos antivirus engine query. | Select the number of retries, from 1 to 5. |
| Server | ||
Server IP | Specify the DNS Server IP. | Enter a valid DNS server IP address. |
Routing Instance | Specify the name of the routing instance. | Select a valid routing instance name. |
| Pattern Update | ||
URL | Specifies the URL of the database server. | Enter the URL for the pattern database. |
Routing Instance | Specifies the routing instance name. | Select a routing instance from the drop-down list. A routing instance can be defined under 'Configure / Network / Routing Instance'. |
Pattern Update Interval (sec) | Specifies the interval at which the database server is queried for a new version of the database. | Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds. |
Auto Update | Specifies that the antivirus pattern database is configured to be automatically updated. | Select the auto update option. |
No Auto Update | Specifies that the automatic download and update of the antivirus engine and signature database are disabled. | Select the no auto update option. |
Proxy Profile | Specify the name of the proxy profile. | Select the proxy profile for antivirus. |
| Create Proxy Profile | ||
Profile Name | Specifies the proxy profile name. | Enter a valid profile name. |
Connection Type | Specifies the type of connection. | Select any one option from the following: |
Port Number | Specifies the port number. | Enter the port number in the range 0 to 65535. |
| Email Notify | ||
Admin Email | Specify the admin e-mail address to be notified about the pattern file update. | Enter a valid admin e-mail ID. |
Custom Message subject | Specify the custom message subject for notification. | Enter the subject of the custom message. |
Custom Message | Displays the custom message for notification. | Enter the custom message for notification. |
| Fallback Settings | ||
Default | Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Content Size | Fallback action for over content size. | Select one of the following: permit, block, log and permit. |
Engine-not-ready | Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit. | Select one of the following: permit, block, log and permit. |
Timeout | Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. | Select Log and Permit. The default action is Block. |
Out-of-resources | Specifies the resource constraints error received during virus scanning. This error can be sent by the scan engine (as a scan-code) or by the scan manager. When the system runs out of resources, scanning is aborted. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Too-many-requests | Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
| Scan Option | ||
URI Check | Specify the antivirus URI check. | Enable the URI check. |
Content Size Limit | Specifies the accumulated TCP payload size. | Enter the content size limit, a value from 20 through 40,000 KB. |
Timeout | Specifies the time between a scan request being generated and the scan result being returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. | Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
| Trickling | ||
Trickling Timeout | Displays the trickling timeout interval. | Enter the time interval from 0 through 600 seconds. |
| Virus Detection | ||
Type | Specifies the type of notification to be sent when a virus is detected. | Select the Protocol Only or Message option. |
Notify Mail Sender | Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected. | Select yes to send a notification and no to not send a notification. |
Custom Message Subject | Specifies the subject line text for your custom message for the virus detection notification. | Enter the subject line text for your custom message. |
Custom Message | Specifies the customized message text for the virus detection notification. | Enter the text for this custom notification message. |
| Fallback Block | ||
Type | Specifies the type of notification sent when a fallback option of block is triggered. | Select the Protocol Only or the Message check box. |
Notify Mail Sender | Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator. | Select the Notify Mail Sender check box to enable this notification. |
Custom Message | Specifies the customized message text for the fallback block notification. | Enter the text for this custom notification message. |
Custom Message Subject | Specifies the subject line text for your custom message for the fallback block notification. | Enter the subject line text for your custom message. |
| Fallback Non Block | ||
Notify Mail Recipient | Notify mail sender | |
Custom Message Subject | Specifies the subject line for your custom message for the fallback nonblock notification. | Enter the subject line text for your custom message. |
Custom Message | Specifies the customized message text for the fallback nonblock notification. | Enter the text for this custom notification message. |
| Create Web filtering | ||
HTTP persist | Configure the web-filtering engine type | Enable/Disable the option. |
HTTP Reassemble | Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning. | Reassemble HTTP request segments |
Type | Specifies a unique customized list of all URLs or IP addresses for a given category that are scanned for blacklisting. | Select from the drop-down list: |
URL Blacklist | Specifies a unique customized list of all URLs or IP addresses for a given category that are scanned for blacklisting. | Configure custom URL for blacklist category. |
URL Whitelist | Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning. | Configure custom URL for whitelist category. |
| Juniper Enhanced Options | Specifies that the Juniper Enhanced Web filtering intercepts the HTTP and the HTTPS requests and sends the HTTP URL or the HTTPS source IP to the Websense ThreatSeeker Cloud (TSC). | |
| Global | ||
Base Filter | Select the base filter from the drop down list. | Select the base filter from the drop down list. |
Custom Block Message | Specify the Juniper Enhanced custom block message sent to the HTTP client. | Enter a message to be displayed when content is blocked. |
Default Action | Juniper enhanced profile default. | Select Log and Permit. The default action is Log and Permit. |
No Safe Search | Specifies not to perform safe-search for Juniper enhanced protocol. | Enable/Disable this option to choose this type of search. Note: Do not perform safe-search for Juniper enhanced protocol |
Quarantine Custom Message | Juniper enhanced quarantine custom message. | Enter the quarantine custom message. |
Timeout | Juniper enhanced timeout. | Select a timeout interval from 1 to 1800 seconds. |
| Cache | ||
Size | Specify Juniper enhanced cache size. | Select a cache size from 0 to 4096 kilobytes. |
Time out | Specify Juniper enhanced cache time out. | Select a timeout interval from 1 to 1800 seconds. |
| Block Messages | ||
Type | Specify the type of block message. | Select the type of block message. |
URL | Specify the URL of the block message. | Enter URL of the block messages. |
| Fallback Settings | ||
Default | Specifies all errors other than the categorized settings. These could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Log and Permit. |
Server-connectivity | Specifies that the server connection is not established during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Log and Permit. |
Timeout | Specifies that if the time taken to scan exceeds the timeout setting in the Web filtering profile, the processing is aborted and the content is passed or blocked without completing filtering. | Select Log and Permit. The default action is Log and Permit. |
Too-many-requests | Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Log and Permit. |
Category | Specifies a unique customized list of categories. | Select a category from the list. |
Action | Specifies the action that the device must take for the category selected. | Select Permit, Log and Permit, or Block. |
| Quarantine Message | ||
Type | Specify type of quarantine message desired. | Select a type. |
URL | URL of quarantine message. | Enter a valid URL. |
| Server | ||
Host | Specifies the address of the host server. | Enter the address of the host server. |
Port | Specifies the port number of the server. | Enter the port number of the server. |
Routing Instance | Specify the routing instance name. | Select a routing instance. |
Proxy Profile | Specify the proxy profile for Web filtering. | Create a Proxy profile |
Site Reputation Action | Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized. | Displays the following options. Click Reset to position the slider to the recommended levels. |
Juniper Local | Specify the Local profile type. | Select this option to use the Local profile type. |
| Websense Redirect | ||
Account | Displays the user account for which this profile is intended. | |
Sockets | Displays the number of sockets used for communicating between the client and server. | Enter the number of sockets. |
Delete All Default Configurations | Deletes all the configurations | - |
| Create Anti-Spam | ||
Address Whitelist | Specifies the comprehensive list of MIME types that can bypass antivirus scanning. | Select the customized object from the list. |
Address Blacklist | Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist. | Select the customized object from the list. |
Type | Specify the antispam type. | — |
| SBL settings | ||
Custom Tag String | Specifies the custom string that is used to identify a spam message. | Enter a custom string for identifying a message as spam. By default, the device uses `***SPAM***`. |
SBL Default Server | Specifies the profile that uses SBL server. The SBL server is predefined on the device. | Select the check box if you are using the default server. |
Spam Action | Displays the Spam action. | Select any one of the actions. |
| Create Content Filtering | Click one: | |
Permit Command List | Displays the permitted protocol command name. | Select the protocol command name to be permitted from the list. |
Block Command List | Displays the blocked protocol command. | Select the protocol command name to be blocked from the list. |
Block Extension List | Specifies the blocked extension list name. | Select the extension to be blocked from the list. |
Block MIME List | Specifies the blocked MIME. | Select the MIME type from the list. |
Block MIME Exception List | Specifies the blocked MIME list. | Select the MIME type to be excluded from the list. |
Type | Specifies the content filtering type. | Select the type. |
Block Content Type | Specifies the blocked content type. | Select the content type to be blocked. |
| Notification Options | ||
Type | Specifies the type of notification sent when a content block is triggered. | Select the Protocol Only or the Message check box. |
Notify Mail Sender | Specifies that when a virus is detected and a content block is triggered, an e-mail is sent to the administrator. | Select the Notify Mail Sender check box. |
Custom Notification Message | Specifies the customized message text for the content-block notification. | Enter the text for this custom notification message (if you are using one). |
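
The antivirus Fallback Settings rows in Table 203 decide whether content is passed or blocked when scanning cannot complete, so any fallback set to anything other than Block is a fail-open path worth reviewing before commit. The following added example (not Juniper code) audits a planned set of values against the ranges and fallback conditions documented in Table 203; the dictionary keys are hypothetical names for the J-Web fields, not Junos configuration statements, and the sample values are constructed.

```python
# Inclusive ranges exactly as documented in Table 203 (antivirus section).
RANGES = {
    "engine_timeout_sec": (1, 5),               # Sophos Engine options > Timeout
    "engine_retry": (1, 5),                     # Sophos Engine options > Retry
    "pattern_update_interval_sec": (10, 10080),
    "content_size_limit_kb": (20, 40000),
    "scan_timeout_sec": (1, 1800),              # Scan Option > Timeout
    "trickling_timeout_sec": (0, 600),
}
# Fallback conditions and action names that appear in Table 203.
FALLBACKS = ("default", "content-size", "engine-not-ready", "timeout",
             "out-of-resources", "too-many-requests")
ACTIONS = {"block", "permit", "log-and-permit"}


def audit(cfg):
    """Return (severity, field, message) findings for a planned configuration."""
    findings = []
    for field, (lo, hi) in RANGES.items():
        if field in cfg:
            value = cfg[field]
            if not isinstance(value, int) or not lo <= value <= hi:
                findings.append(("error", field, f"{value!r} is outside {lo}-{hi}"))
    for cond, action in cfg.get("fallback", {}).items():
        name = f"fallback.{cond}"
        if cond not in FALLBACKS or action not in ACTIONS:
            findings.append(("error", name, f"unknown condition or action {action!r}"))
        elif action != "block":
            # Fail-open: content is passed without a completed virus check.
            findings.append(("warn", name, f"fail-open ({action})"))
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = {
    "engine_timeout_sec": 2,
    "engine_retry": 7,
    "pattern_update_interval_sec": 60,
    "content_size_limit_kb": 10,
    "scan_timeout_sec": 180,
    "trickling_timeout_sec": 0,
    "fallback": {"default": "block", "timeout": "log-and-permit",
                 "engine-not-ready": "permit", "too-many-requests": "drop"},
}

if __name__ == "__main__":
    for severity, field, message in audit(SAMPLE):
        print(f"{severity:5} {field}: {message}")
```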