Seq.

Displays the sequence number of rules in a zone pair.

Rule Name

Displays the rule name.

Source Address

Displays the name of the source address or address set for the rule.

Destination Zone

Displays the destination zone that is specified in the zone pair for the rule.

Dynamic Application

Displays the dynamic application names for match criteria in application firewall rule set.

An application firewall configuration permits, rejects, or denies traffic based on the application of the traffic.

Action

Displays the actions that need to take place on the traffic as it passes through the firewall.

Advanced Security

Displays the security option that apply for this rule.

Policy rematch

Specifies that a policy is added that has just been modified to a deferred action list for reevaluation. For every session associated with the policy, the device reevaluates the policy lookup. If the policy is different from the one associated with the session, the device drops the session. If the policy matches, the session continues.

Select the check box.

Early ageout

Specifies the amount of time before the device aggressively ages out a session from its session table.

Enter a value from 1 through 65,535 seconds. The default value is 20 seconds.

Low watermark

Specifies the percentage of session table capacity at which the aggressive aging-out process ends.

Enter a value from 0 through 100 percent. The default value is 100 percent.

Enable SYN proxy protection

Enables SYN proxy defenses against SYN attacks.

Select the check box.

Force IP reassembly

Specifies reassemble all IP fragmented packets before forwarding.

Route change to nonexistent route timeout

Specifies the session timeout value on a route change to a nonexistent route.

Enter a value from 6 through 1800 seconds.

Enable MSS override for all packets

Enables maximum segment size override for all TCP packets for network traffic.

Select the check box.

Enter an maximum segment size value from 64 through 65,535.

Enable MSS override for all GRE packets entering an IPsec tunnel

Enables maximum segment size override for all generic routing encapsulation packets entering an IPsec tunnel.

Select the check box.

Enter a maximum segment size value from 64 through 65,535 bytes. The default value is 1320 bytes.

Strict SYN-flag check

Enables the strict three-way handshake check for the TCP session. This check enhances security by dropping data packets before the three-way handshake is done. By default, this check is disabled.

Select the check box.

Disable SYN-flag check (tunnel packets)

Disables the first packet check for the SYN flag when forming a TCP flow session.

Select the check box.

RST sequence check

Specifies that the TCP sequence number in a TCP segment can be checked, with the RST bit enabled. This matches the previous sequence number for a packet in that session or is the next higher number incrementally.

Select the check box.

Rule Description

Specifies a description for the security policy.

Enter a description for the security policy.

Address(es)

Specifies the source address of the rule.

Select the Address(es) for the policy by clicking Select The Source Address page appears.

Select the Address for this policy. The options available are:

• Any Address—Selecting this will include any address as the source address.

• Include Specific—Selects an address book entry from the available list or you can make a new address book entry by selecting Add New Source Address and creating a new source address in the Create Address page.

• Exclude Specific—Selects an address book entry from the available list or you can make a new address book entry by selecting Add New Source Address and creating a new source address in the Create Address page.

Address(es)

Specifies the source address of the rule.

Select the Address(es) for the policy by clicking Select The Destination Address page appears.

Select the Address for this policy. The options available are:

• Any Address—Selecting this will include any address as the destination address.

• Include Specific—Selects an address book entry from the available list or you can make a new address book entry by selecting Add New Source Address and creating a new source address in the Create Address page.

• Exclude Specific—Selects an address book entry from the available list or you can make a new address book entry by selecting Add New Source Address and creating a new source address in the Create Address page.

Service(s)

Select the services that you want to permit or deny in the rule.

Select the services to permit or deny. You can choose a service from the available list.

Rule Action

Specifies the action taken when traffic matches the criteria. Available options are:

• Permit

• Deny

• Reject

Select an option.

1. App Firewall—Select the application firewall from the dropdown list.
2. IPS—Select Off or On from the dropdown list. If you select On, the IPS Policy field will be disabled. If you select Off, you may select the IPS Policy from the dropdown list.
3. UTM—Select the UTM policy to associate with this rule from the dropdown list, which shows all the UTM policies available.

   If you want to create a new UTM policy, click Add New, which enables you to create a new UTM policy in the Create UTM Policies Wizard. To know more about this wizard refer Configure>Security>UTM page in J-Web.

4. SSL Proxy—Select the SSL proxy policy to associate with this rule from the dropdown list, which shows all the SSL proxy profiles that are created using the Configure>Security>SSL Proxy page in J-Web. After you associate, the SSL proxy policy will be applied to the traffic.
5. IPSec VPN—Select the IPsec VPN tunnel from the dropdown list.
6. Pair Policy Name—Select the name of the policy with the same IPsec VPN in the opposite direction to create a pair policy.
7. Threat Prevention Policy—Select the configured threat prevention policy from the dropdown list. To create a threat prevention policy go to Configure>Security>SkyATP or Threat Prevention>Policies.
8. ICAP Redirect Profile—Select the configured ICAP Redirect profile name from the dropdown list.

Deny—Block and drop the packet, but do not send notification back to the source.

Reject—Block and drop the packet and send a notice to the source host.

• For TCP traffic—Sends TCP RST.

• For UDP traffic—Sends ICMP destination unreachable, port unreachable message (type 3, code 3).

• For TCP and UDP traffic—Specifies action denied.

Logging/Count

Log at Session Init Time

Specifies that an event is logged when the session is created.

Select the check box.

Authentication

Type

Specify the type of firewall authentication for this rule.

Select the type of firewall authentication from the dropdown list. The options available are: None, Pass-through, User-firewall, and Web-authentication.

Destination Address Translation

Specifies the action to be taken on a destination address translation.

Select the action to be taken on a destination address translation. The options available are: None, Drop Translated, Drop Untranslated.

Enable TCP-SYN

Disables or enables the checking of the TCP SYN bit before creating a session. By default, the device checks that the SYN bit is set in the first packet of a session. If it is not set, the device drops the packet.

Select if you want enable TCP-SYN.

Add Rule Before

Adds a new rule before the selected rule.

Copy

Copies a selected rule and enables you to paste it before or after the selected rule.

Paste

Pastes the copied or cut rule before or after the rule selected for copy.

Move Rule

Organizes records. Select a rule and choose Move up, Move down, Move to top, or Move to bottom to reposition the rule.

Enable

Enables the selected rule if it was disabled.

Details icon in blue color

Displays the Schedules Details, on clicking the icon.

Description

Displays a description of the scheduler.

End Date

Displays the stop date for the first day.

Second End Date

Displays the stop date for the second day.

Name

Specifies the scheduler name.

Enter the name of the scheduler.

Start Date

Specifies the start date of the first day.

Select the start date for the first day from the calendar.

Second Start Date

Specifies the start date of the second day.

Select the start date for the second day from the calendar.

Specify a day/time range to edit

Daily option

Specifies that you can set the scheduler to run at regular and recurring intervals.

Select an day from the list. The Speicify Time for <selected day> appears.

Select the Time Options from All Day, Exclude Day, or Time Ranges.

If you select Time Ranges enter the Start Time and End Time. You can also a Second Start Time and Second End Time by clicking Add Another Range.

Time Stop1

Specifies the stop time for the first day.

Enter the stop time in HH:MM:SS format.

Time Stop2

Specifies the stop time for the second day.

Enter the stop time in HH:MM:SS format.

To

Displays the source NAT sort options to which the packets flow.

• Routing Instance

• Zone

• Interface

Name

Displays the name of the source NAT rule set.

To

Displays the name of the routing instance/zone/interface to which the packets flow.

Description

Displays a description of the source NAT rule set.

Rule Name

Displays the name of the rule in the selected source NAT rule set.

Match Destination

Displays the match destination address.

Match Destination Port

Displays the match destination port.

Persistent

Displays the persistent NAT address in the source NAT pool

Address

Displays the IP address of the source NAT pool.

Description

Displays a description of the source NAT pool.

Interface Port-Overloading

Specifies interface port overloading for persistent NAT.

Select check box to the enable interface port-overloading.

Raise Threshold

Specifies raise to raise the threshold for pool utilization.

The default option is 50-100.

Rule Set Description

Specifies a description for the rule set.

Enter a description for the rule set.

• Routing Instance

• Zone

• Interface

Select an option.

Select the source routing instances/zones/interfaces in the Available column and the use the right arrow to move them to the Selected column.

Select the destination routing instances/zones/interfaces in the Available column and the use the right arrow to move them to the Selected column.

Rule Description

Specifies a description for the rule.

Enter a description for the rule.

Source Address

Specifies the source IP address. The options available are:

• Available—Specifies the available source addresses.

• Selected—Specifies the selected source addresses.

Search and select the source addresses in the Available column and the use the right arrow to move them to the Selected column.

You can also enter a source address in the New text box in the Selected and click Add to add the source address to the lower pane of the Selected column.

IP Protocol

Specifies the IP protocol.

Enter the protocol name in the New text box and click Add to add the protocol to the lower pane of the IP Protocol column.

• No Source NAT

• Do Source NAT with Egress Interface Address

• Do Source NAT with Pool

Select an option.

Pool Description

Specifies a description for the source NAT pool.

Enter a description for the source NAT pool.

Pool Address Family

Specifies the source NAT pool address family.

Select an option.

Port Translation

• No Translation

• Translation with Default Port Range (1024–65535)

• Translation with Specified Port Range

• Translation with Port Overloading Factor

Select an option.

To

Displays the destination NAT sort options to which the packets flow.

• Routing Instance

• Zone

• Interface

Name

Displays the name of the destination NAT rule set.

Rule

Displays the name of the rule in the selected destination NAT rule set.

Match Source

Displays the match source address.

Match IP Protocol

Displays the match IP protocol.

Action

Displays the action of the rule in the selected rule set.

Address

Displays the IP address of the destination NAT pool.

Description

Displays a description of the destination NAT pool.

Rule Set Name

Specifies the name of the rule set.

Enter the rule set name.

• Routing Instance

• Zone

• Interface

Select an option.

Select the routing instances/zones/interfaces in the Available column and the use the right arrow to move them to the Selected column.

Rule Name

Specifies the name of the rule.

Enter the rule name.

Destination Address

Specifies the destination IP address.

Enter the destination IP address.

IP Protocol

Specifies the IP protocol for the destination NAT rule.

Enter the protocol name in the text box and click Add to add the protocol to the IP Protocol column.

Select an option.

Pool Description

Specifies a description for the destination pool.

Enter a description for the destination pool.

Port

Specifies the destination pool port number.

Enter the destination pool port number.

Pool Name

Specifies the name of the destination pool.

Enter the destination pool name.

Routing Instance

Specifies the routing instance available.

Select an option.

Address/Port

Specifies the destination pool address.

Enter the destination pool address.

Address Range

Specifies the destination pool address range.

Enter the destination pool address range.

Filter

Displays the filter option.

From

Displays the name of the routing instance/zone/interface from which the packets flow.

Description

Displays a description of the static NAT rule set.

Rule Name

Displays the name of the routing instance/zone/interface to which the packet flows.

Action

Displays the action of the rule in the selected rule set.

Rule Set Description

Specifies a description for the rule set.

Enter a description for the rule set.

• Routing Instance

• Zone

• Interface

Select an option.

Select the routing instances/zones/interfaces in the Available column and the use the right arrow to move them to the Selected column.

Rule Description

Specifies a description for the rule.

Enter a description for the rule.

IPv4

Specifies the IPv4 address.

Enter the IPv4 address.

Routing Instance

Specifies the routing instance.

Select a routing instance.

Address

Displays the IPv4 or IPv6 address.

Address

Specifies the proxy ARP IP address.

Click Delete to deleted the proxy ARP address.

To

Specifies the end IP address that the device can be assigned to.

Click Add to add the port address.

Address

Specifies the proxy ND IP address.

Click Delete to deleted the proxy ND address.

To

Specifies the end IPv6 address that the device can be assigned to.

Click Add to add the port address.

Type

Displays the type of zone.

Protocols

Displays the protocol type of incoming traffic.

Screen

Displays name of the option objects applied to the zone.

Type

Displays the type of screen.

Zone description

Specifies a description for the zone.

Enter a description for the zone.

Send RST for non matching session

Specifies that when the reset feature is enabled, the system sends a TCP segment with the RESET flag set when traffic arrives. This does not match an existing session and does not have the Synchronize flag set.

Select the Send RST for non matching session check box to enable this feature.

Interfaces in this zone

Specifies the available interfaces that you can select for the security zone.

Select or deselect the interfaces that you want to include in the security zone using either the left or the right arrow.

Note: The selected interfaces are displayed in the Selected grid.

Protocols

Specifies the protocols that permit inbound traffic of the selected type to be transmitted to hosts within the zone.

Select the protocols in the Available column and then use the right arrow to move them to the Selected column. Select all to permit all protocols.

Note: To deselect protocols, select the protocols in the Selected column and then use the left arrow to move them to the Available column.

Interface protocols

Specifies the interface protocols that permit inbound traffic from the selected interface to be transmitted to hosts within the zone.

Select the interface protocols in the Available column and then use the right arrow to move them to the Selected column. Select all to permit all interface protocols.

To deselect protocols, select the protocols in the Selected column and then use the left arrow to move them to the Available column.

Screen description

Specifies a description for the screen object.

Enter a description for the screen object.

IP spoofing

Specifies that you can enable IP address spoofing. IP spoofing is when a false source address is inserted in the packet header to make the packet appear to come from a trusted source.

Select the IP spoofing check box to enable this feature.

Threshold

Specifies the threshold value of the IP sweep.

Enter the time interval for an IP sweep.

Note: If a remote host sends ICMP traffic to 10 addresses within this interval, an IP address sweep attack is flagged and further ICMP packets from the remote host are rejected. The range is from 1000 through 1000000 microseconds. The default value is 5000 microseconds.

Threshold

Specifies the threshold value of the TCP port scan.

Enter the time interval for a port scan.

Note: If a remote host scans 10 ports within this interval, a port scan attack is flagged and further packets from the remote host are rejected. The range is from 1000 through 1000000 microseconds. The default value is 5000 microseconds.

Teardrop attack protection

Specifies the number of teardrop attacks.

Note: Teardrop attacks exploit the reassembly of fragmented IP packets.

Select the Teardrop attack protection check box to enable this feature.

Ping of death attack protection

Specifies the ICMP ping of death counter.

Note: A ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes).

Select the Ping of death attack protection check box to enable this feature.

Block fragment traffic

Specifies the number of IP block fragments.

Select the Block fragment traffic check box to enable this feature.

Threshold

Specifies the threshold value for SYN-ACK-ACK proxy protection.

Enter the threshold value for SYN-ACK-ACK proxy protection.

Note: The range is from 1 through 250000 sessions. The default value is 512 sessions.

Bad option

Specifies the number of bad options counter.

Select the Bad option check box to enable this feature.

Unknown protocol

Specifies that the IP address with security option can be enabled.

Select the Unknown protocol check box to enable this feature.

Source route

Specifies the number of IP addresses of the devices set at the source that an IP transmission is allowed to take on its way to its destination.

Select the Source route check box to enable this feature.

Stream

Specifies a method for the 16-bit SATNET stream identifier to be carried through networks that do not support streaming.

Select the Stream check box to enable this feature.

Record route

Specifies that IP addresses of network devices along the path that the IP packet travels can be recorded.

Select the Record route check box to enable this feature.

SYN and FIN Flags Set Protection

Specifies the number of TCP SYN and FIN flags.

Note: When you enable this option, Junos OS checks if the SYN and FIN flags are set in TCP headers. If it discovers such a header, it drops the packet.

Select the SYN and FIN Flags Set Protection check box to enable this feature.

TCP Packet Without Flag Set Protection

Specifies the number of TCP headers without flags set.

Note: A normal TCP segment header has at least one flag control set.

Select TCP Packet Without Flag Set Protection check box to enable this feature.

Limit sessions from the same source

Specifies that sessions are limited from the same source IP.

Enter the range within which the sessions are limited from the same source IP.

Note: The range is from 1 through 50000 sessions.

ICMP flood protection

Specifies the Internet Control Message Protocol (ICMP) flood counter.

Note: An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.

Select the ICMP flood protection check box to enable this feature.

UDP flood protection

Specifies the User Datagram Protocol (UDP) flood counter.

Note: UDP flooding occurs when an attacker sends IP packets containing UDP datagrams to slow system resources, such that valid connections can no longer be handled.

Select the UDP flood protection check box to enable this feature.

UDP white list

Starting Junos Release 18.1R1, the option to add UDP IP addresses and white list them is available.

Specifies the UDP port IP addresses that can be allowed access.

Note:

• The UDP white list option is enabled only if you select UDP flood protection.

• The white list that you created in the UDP white list window will be available in the TCP white list window also for selection.

Choose Select. The UDP White List window appears. Click + to add IP addresses that you wish to white list. The Add Whitelist window appears. Enter a Name to identify the group of IP addresses. Enter IPv4 or IPv6 address. Click +. The IPv4/IPv6 Address(es) lists the address that you entered. You may add as many IP addresses to this group. When you are done click OK. The UDP White List window is presented.

The Name you associated with the group of IP addresses that you entered in the Add Whitelist window is listed in the Selected table. You can create many such names (group of IP addresses) and choose them to be in the Available column for you to select it later for white listing. To move the groups between Available and Selected list click the < or > accordingly.

TCP white list

Starting Junos Release 18.1R1, the option to add TCP IP addresses and white list them is available.

Specifies the TCP port IP addresses that can be allowed access.

Note:

• The TCP white list option is enabled only if you select SYN flood protection.

• The white list that you created in the TCP white list window will be available in the UDP white list window also for selection.

Choose Select, The TCP White List window appears. Click + to add IP addresses that you wish to white list. The Add Whitelist window appears. Enter a Name to identify the group of IP addresses. Enter IPv4 or IPv6 address. Click +. The IPv4/IPv6 Address(es) lists the address that you entered. You may add as many IP addresses to this group. When you are done click OK. The TCP White List window is presented.

The Name you associated with the group of IP addresses that you entered in the Add Whitelist window is listed in the Selected table. You can create many such names (group of IP addresses) and choose them to be in the Available column for you to select it later for white listing. To move the groups between Available and Selected list click the < or > accordingly.

Alarm threshold

Specifies the number of half-complete proxy connections per second at which the device makes entries in the event alarm log.

Enter a value from 1 through 100000 segments received per second for SYN flood alarm. The default value is 512.

Note: For SRX Series Services Gateways, the range is from 1 through 1000000 segments per second. The default alarm threshold value is 250 pps.

Destination threshold

Specifies the number of SYN segments received per second for a single destination IP address before the device begins dropping connection requests to that destination. If a protected host runs multiple services, you might want to set a threshold based only on destination IP address, regardless of the destination port number.

Enter a value for SYN flood to the same destination from 4 through 100000. The default value is 4000.

Note: For SRX Series Services Gateways, the range is from 4 through 1000000 segments per second. The default destination threshold value is 0 pps.

Application Description

Displays a description of the custom application.

IP-Protocol

Displays the custom network protocol.

Destination-Port

Displays the custom destination port identifier.

Application Name

Displays the predefined application name.

IP-Protocol

Displays the predefined network protocol.

Destination-Port

Displays the predefined destination port identifier.

Application-Set Name

Displays the application set name.

Description

Displays a description of the application set.

Application Name

Specifies a custom application name.

Enter a custom application name.

Application-protocol

Specifies the custom application protocol.

Select a value from the list.

Destination Port

Specifies the custom destination port identifier.

Select a value from the list.

Inactivity-timeout

Specifies the length of time (in seconds) that the application is inactive before it times out.

Enter a value from 4 through 86400.

Match ICMP message code

Specifies the Internet Control Message Protocol message code.

Select a value from the list.

UUID

Specifies a universal unique identifier (UUID).

Enter a UUID.

Term Name

Specifies a name for the application term.

Enter a term name.

Match IP protocol

Specifies the network protocol.

Select an option from the list.

Source Port

Specifies the source port identifier.

Enter the source port identifier.

RPC-program-number

Specifies the remote procedure call value.

Enter a value from 0 through 65535.

Match ICMP message type

Specifies the Internet Control Message Protocol message type.

Select a value from the list.

Description

Specifies a description for the application set.

Enter a description for the application set.

Zone Name

Displays the zone name of the address.

IP(v4/v6)/Prefix

Displays the IP address of the address.

Zone Name

Displays the zone name of the address set.

Address List

Displays the preexisting addresses that are included or excluded from the address set.

Address Name

Specifies the address name.

Enter the address name.

Domain Name

Specifies the domain name of the address.

Select the option and enter the domain name.

Add Address Set

Specifies the address set name.

Enter the address set name and click Add.

Note: Click Undo to delete the immediate previous action.

Zone

Specifies the zone to which the address set is applied.

Select an option from the list.

Address List

Specifies which of the preexisting addresses should be included or excluded from the address set.

Select the addresses and use the arrows to move them to the Out of This Set and In This Set lists.

Attached Zone

Displays the name of the zone that is attached to the address book.

Address/Address-Set Name

Displays the addresses and address sets associated with the selected address book.

Address-Set Members

Displays the addresses in an address set.

Attach Zones

Specifies which of the predefined zones should be attached to the specified address.

Select the zones from the Available list and use the Right Arrow to move them to the Attached list.

You can select more than one zone from the Attached list for one address book. However, make sure that each zone has only one address book attached to it. If there is more than one address book attached to a zone, you will get the following error when you commit the configuration:

“Security zone must be unique in address books.”

Address Name

Specifies the address name.

Enter a name for the address.

Value

Specifies the address.

Enter an address that matches the selected address type.

Address Set Name

Specifies the address set name.

Enter the address set name.

Address Set List

Specifies which of the preexisting address sets should be included or excluded from the list.

Select the address sets and use the arrows to move them to the Out of This Set and In This Set lists.

Profile Name

Displays the name of the proxy profile.

Port Number

Displays the port number.

Profile Name

Specifies the name of the proxy profile.

Enter a name for the proxy profile.

Port Number

Specifies the port number used by the proxy profile.

Select a port number for the proxy profile from 0 to 65535.

Network Address

Specifies the network address used by the address pool.

Enter a IPv4 address for the address pool.

Primary DNS Server

Specifies the primary-dns IP address.

Enter the primary-dns IP address.

Primary WINS Server

Specifies the primary-wins IP address.

Enter the primary-wins IP address.

Lower Limit

Specifies the lower limit of the address range.

Enter the lower limit of the address range.

Add

Adds a new address range for the access profile.

Click + to add a new address range for the address pool.

Application tracking

Enables or disables application tracking.

Select this option to enable application tracking.

First Update Interval (min)

Interval when the first update message is sent (minutes).

Use the up/down arrow to set the interval time.

Application Tracking By Zone

Lists the available zones.

• To enable application tracking, select the zone and click the right arrow to move it to the tracking enabled list.

• To disable application tracking, select the zone and then click the left arrow to move the zone back into the available list.

Rule Set

Rule

Specifies the name of each rule associated with the rule set. If this field contains more than two rule names, hover over the field to display the names of all the rules in a tool tip.

Rule Name

Displays the name of each rule contained in the selected rule set. This pane is blank until a rule set is selected in the upper pane.

Action

Specifies the action to be taken if traffic matches one of the specified applications.

• permit—Permits traffic that matches this rule.

• deny—Denies traffic that matches this rule.

Rule Set Name

Specifies the rule set name

Enter a rule set name.

When editing a rule set, the name cannot be changed.

Rule Name

Specifies the name of the rule.

Enter a rule name.

When editing a selected rule, the name cannot be changed.

Match Dynamic Application

Matched

Displays the applications selected as match criteria for the rule.

To delete applications from the match criteria:

• Select one or more applications in the Matched list. (Use the Ctrl key to select more than one item.)

• Click the left arrow to return the selections to the Applications list.

Anti-Virus

Displays the configured antivirus. You can also configure an antivirus.

Anti-Spam

Displays the configured antispam. You can also configure an anti-spam.

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Select the customized object from the list.

list

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Timeout

Specify the Sophos antivirus engine timeout.

Select a time, ranges from 1 to 5 seconds.

Routing Instance

Specify the name of the routing instance.

Select a valid routing instance name..

URL

Specifies the URL of the database server.

Enter the URL for the pattern database.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Connection Type

Specifies the type of connection.

Select any one option from the following:

• Server IP— Enter the server IP address.

• Host Name— Enter the host name.

Custom Message subject

Specify the custom message subject for notification.

Enter the subject of the custom message.

Content Size

Fallback action for over content size.

Select from the following permit, block, log and permit.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking.

Select Log and Permit. The default action is Block.

Too-many-requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

URI Check

Specify the antivirus URI check.

Enable the URI check.

Timeout

Specifies the timeframe between the scan requests generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Trickling Timeout

Displays the trickling timeout interval.

Enter the time interval from 0 through 600 seconds.

Type

Specifies the type of notification to be sent when a virus is detected.

Select Protocol Only or Message option.

Custom Message Subject

Specifies the subject line text for your custom message for the virus detection notification.

Enter the subject line text for your custom message.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box to enable this notification.

Custom Message Subject

Specifies the subject line text for your custom message for the fallback block notification.

Enter the subject line text for your custom message.

Notify Mail Recipient

Notify mail sender

Custom Message

Specifies the subject line for your custom message for the fallback nonblock notification.

Enter the subject line text for your custom message.

HTTP persist

Configure the web-filtering engine type

Enable/Disable the option.

Type

Specifies a unique customized list of all URLs or IP addresses for a given category that are scanned for blacklisting.

Select from the drop down list:

• Juniper Enhanced

• Juniper Local

• Websense Redirect

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are scanned for blacklisting.

Configure custom URL for whitelist category

Specifies that the Juniper Enhanced Web filtering intercepts the HTTP and the HTTPS requests and sends the HTTP URL or the HTTPS source IP to the Websense ThreatSeeker Cloud (TSC).

Custom Block Message

Specify the juniper enhanced custom block message sent to HTTP Client.

Enter a message to be displayed when content is blocked.

No Safe Search

Specifies not to perform safe-search for Juniper enhanced protocol.

Enable/Disable this option to choose this type of search.

Note: Do not perform safe-search for Juniper enhanced protocol

Timeout

Juniper enhanced timeout.

Select a timeout interval from 1 to 1800 seconds.

Size

Specify Juniper enhanced cache size

Select a cache size from 0 to 4096 Killobytes.

URL

Specify the URL of the block message.

Enter URL of the block messages.

Default

Specifies all errors other than the categorized settings. These could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Log and Permit.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the Web filtering profile, the processing is aborted and the content is passed or blocked without completing filtering.

Select Log and Permit. The default action is Log and Permit.

Category

Specifies a unique customized list of categories.

• Add (+)—Adds the selected category and the corresponding action to the list of available categories for the Juniper Enhanced Web Ffiltering profile.

• Delete(X)—Deletes the selected category from the list of available categories for the Juniper Enhanced Web Filtering profile.

Select a category from the list.

URL

URL of quarantine message.

Enter a valid URL.

Host

Specifies the address of the host server.

Enter the address of the host server.

Routing Instance

Specify the routing instance name.

Select a routing instance.

Site Reputation Action

Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized.

Displays the following options:

• Very Safe– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 90 through 100 is returned.

• Moderately Safe– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 80 through 89 is returned.

• Fairly Safe– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 70 through 79 is returned.

• Suspicious– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 60 through 69 is returned.

• Harmful– Permit, log-and-permit, block, or quarantine a request if a site-reputation of zero through 59 is returned.

Click Reset to position the slider to the recommended levels.

Sockets

Displays the number of sockets used for communicating between the client and server.

Enter the number of sockets.

Address Blacklist

Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist.

Select the customized object from the list.

SBL Default Server

Specifies the profile that uses SBL server. The SBL server is predefined on the device.

Select the check box if you are using the default server.

Click one:

• Expand/Collapse- All

• Edit- Edits the options.

• Delete- Delete the option.

Block Command List

Displays the blocked protocol command.

Select the protocol command name to be blocked from the list.

Block MIME List

Specifies the blocked MIME.

Select the MIME type from the list.

Type

Specifies the content filtering type.

Select the type.

Notify Mail Sender

Specifies that when a virus is detected and a content block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box.

Profile Name

Displays the unique name of the antispam profile.

Intelligent Prescreening

Displays the intelligent prescreening status.

Trickling Timeout

Displays the trickling timeout interval.

Exception MIME Whitelist

Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist.

Select the customized object from the list.

Juniper Express

Specifies the internal scan engine for full antivirus protection provided by Juniper Networks.

Note: This option is not supported on SRX1500 devices.

Select this option to choose the Juniper Express engine type.

Custom Message

Specifies the text of the pattern-update e-mail notification that is sent when the pattern update is complete.

Enter the customized message.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Pattern Update URL

Specifies the URL of the database server.

Enter the URL for the pattern database.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

Proxy Server Port

Specifies the port with which the proxy server is associated.

Enter the port number.

Proxy Server Password

Specifies the password to use on the proxy server.

Enter the password.

Profile Type

Displays the internal scan engine for full antivirus option selected in the global options. Intelligent prescreening is only intended for use with non-encoded traffic.

-

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20000 KB.

Decompress Layer Limit

Specifies the number of layers of nested compressed files the internal antivirus scanner can decompress before the execution of the virus scan.

Enter the decompress layer limit, a value from 1 through 4 layers.

Scan All Files

Specifies all files to be scanned.

Select this option to scan all files.

Scan Engine Filename Extension

Specifies the file extensions found in the traffic being scanned.

Select this option to scan the engine filename extension.

Intelligent Prescreening

Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file.

Select yes to enable intelligent prescreening.

Scan Engine Timeout

Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

URI Check

Specifies Uniform Resource Identifier blocking: an effective measure for preventing malware from reaching the endpoint. URI lookup is performed against an in-the-cloud malicious/infected URI database on each URI requested via HTTP.

Select the URI check check box to enable URI check.

Scan Engine Timeout

Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Query Retries

Specifies the antivirus engine query retry (number of times) value.

Enter the query retry value from 0 through 5.

Default Action

Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Password File

Specifies the error returned by the scan engine when the scanned file is protected by a password. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Content Size

Specifies that if the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Too Many Requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block. The allowed request limit is not configurable.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box to enable this notification.

Custom Message Subject

Specifies the subject line text for your custom message for the fallback block notification.

Enter the subject line text for your custom message.

Allow Email

Specifies that a notification e-mail address must be allowed.

Select the check box to allow e-mail.

Custom Message

Specifies the customized message text for the fallback nonblock notification.

Enter the text for this custom notification message (if you are using one).

Notify Mail Sender

Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected.

Select yes to send a notification and no to not send a notification.

Custom Message Subject

Specifies the subject line text for your custom message for the virus detection notification.

Enter the subject line text for your custom message.

Profile Name

Displays the unique name of the antispam profile.

Account

Displays the user account for which this profile is intended.

Timeout

Displays the timeout interval.

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Select the customized object from the list.

Websense Redirect

Specifies that the Web filtering module intercepts an HTTP request. The URL in the request is then sent to the external Websense server which makes a permit or a deny decision.

Select this option to choose this type of Web filtering engine.

Juniper Enhanced

Specifies that the Juniper Enhanced Web filtering intercepts the HTTP and the HTTPS requests and sends the HTTP URL or the HTTPS source IP to the Websense ThreatSeeker Cloud (TSC).

Select this option to choose this type of Web filtering engine.

The Juniper Enhanced Options with the respective parameters is displayed.

The following options are displayed only if you have selected Juniper Enhanced as the Filtering type.

Cache timeout (mins)

Specifies the time interval to wait before the cache is cleared.

Enter or select the time using the up/down arrow.

Server host

Specifies the address of the host server.

Enter the address of the host server.

Reputation Level

Specifies the level at which the device must take appropriate action (permit, log and permit, or block) when the site reputation level reaches the level that you have defined.

Move each of the four sliders to the desired level or number. Each slider is named (A to D) and represents the following degree of assessment along with the recommended range.

A:Very Safe (90 to 100)

B: Moderately Safe (80-89)

C: Fairly Safe (70-79)

D: Suspicious (58-69)

E: Harmful (1-57). This is not reporesented as a slider.

Click Reset to position the slider to the recommended levels.

Profile Name

Displays the unique name of the Web filtering profile.

Enter a unique name for the Web filtering profile.

Note: The profile Name should not be longer than 29 characters.

Account

Displays the user account for which this profile is intended.

Enter a user account name.

Port

Displays the port number used to communicate with the server.

Enter the port number.

Default Action

Displays the default action to be taken for Web filtering. The options available are:

• Permit—Permits access to content.

• Log and Permit—Logs details of the URL and permits access to content.

• Block—Blocks access to content.

Select an option.

Safe Search

Displays the search results based on the option selected.

A safe-search solution is used to ensure that the embedded objects such as images on the URLs received from the search engines are safe and that no undesirable content is returned to the client.

Safe-search is applicable to juniper-enhanced Web filtering type only.

Select this option to choose this type of search.

Base Filter

Specifies the base filter that is attached to the profile. All categories has a default action in a base filter. For categories that are not configured in the profile, the base filter is considered for action.

Select the base filter from the drop down list.

Note: The fields Account, Server, Port, and Sockets are displayed only when you select Websense-Redirect filtering type on the Global Configuration page.

Default

Specifies all errors other than the categorized settings. These could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Log and Permit.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the Web filtering profile, the processing is aborted and the content is passed or blocked without completing filtering. The decision is made based on the timeout fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Log and Permit.

Moderately Safe

Specifies that the device must take appropriate action (permit, log and permit, or block) if the site reputation reaches the % score that is defined by you. If you have not defined the percentage, the default score is 80 through 89.

Enter the percentage value in the % field.

Select Permit, Log and Permit, or Block.

Suspicious

Specifies that the device must take appropriate action (permit, log and permit, or block) if the site reputation reaches the % score that is defined by you. If you have not defined the percentage, the default score is 60 through 69.

Enter the percentage value in the % field.

Select Permit, Log and Permit, or Block.

Action

Specifies the action that the device must take for the category selected.

Select Permit, Log and Permit, or Block.

Download

Click Download. The Manually Download window opens and displays the available verions. You can check the available version by clicking the URL.

Version - You can choose the latest version or select the version number which you want to download.

Auto Download and Install

Click Auto Download and Install to enable J-Web to automatically detect for newer version of UTM category, download if found, and install it on your device. The Auto Download Settings window is displayed.

• URL—URL from where you download the category.

• Interval time—Time period to download and check install category file.

• Start time—Start date and time to initiate automatic download and installation process.

Select Download Off to turn off the Auto Download and Install feature.

Profile Name

Displays the unique name of the antispam profile.

Custom Tag String

Displays the custom string used to identify a spam message.

Address Whitelist

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Default SBL Server

Specifies the profile that uses SBL server. The SBL server is predefined on the device. It ships with the name and address of the Symantec SBL server preloaded. If you do not select this check box, you are disabling server-based spam filtering. Disable this function if you are using only local lists or if you do not have a license for server-based spam filtering.

Select the check box if you are using the default server.

Default Action

Specifies the option to be taken when a spam message is detected. The options available are:

• Tag Subject—Adds the custom string at the beginning of the subject of the e-mail.

• Block email—Blocks the spam e-mail.

• Tag Header—Adds the custom string to the e-mail header.

Select an option.

Profile Name

Displays the unique name of the antispam profile.

Block Command List

Displays the blocked protocol command.

Permit Command List

Specifies the permitted protocol command.

Select the protocol command name to be permitted from the list.

Block Extension List

Specifies the blocked extension list name.

Select the extension to be blocked from the list.

Block MIME Exception List

Specifies the blocked MIME list.

Select the MIME type to be excluded from the list.

Notification Mail Sender

Specifies that when a virus is detected and a content block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box.

Value

Displays the user-defined value or a predefined MIME pattern value.

Name

Displays the user-defined name or a predefined file extension name.

Value

Displays only user-defined protocol command values.

Name

Displays only user-defined URL pattern names.

Value

Displays only predefined URL categories from the SurfControl server. You can also configure URLs. The URLs configured in the URL pattern list are displayed here.

The Custom Message List displays the custom messages that you have created and the type of action it takes when Enables you to create block message or URL, or quarantine message or URL for each category.

Name

Displays the name of the custom message that you have created.

Content

Displays the content of the custom message. It is either a user message or an URL to be redirected to.

MIME Pattern Name

Displays the user-defined name or a predefined MIME pattern name.

Enter a MIME pattern name.

MIME Pattern Value

Displays the user-defined pattern value or a predefined MIME pattern value.

The options available are:

• Delete—Deletes the selected MIME pattern value.

• Add—Adds the selected MIME pattern value.

Select an option.

File Extension Name

Displays the user-defined name or a predefined file extension name.

Enter a file extension name.

Available Values

Displays the user-defined value or a predefined file extension value.

Select a value to associate it with the file extension name.

Protocol Command Name

Displays only user-defined protocol command names.

Enter a protocol command name.

Protocol Command Value

Displays only user-defined protocol command values.

The options available are:

• Delete—Deletes the selected protocol command value.

• Add—Adds the selected protocol command value.

Select an option.

URL Pattern Name

Displays only user-defined URL pattern names.

Enter a URL pattern name.

URL Pattern Value

Displays only user-defined URL pattern values.

The options available are:

• Delete—Deletes the selected URL pattern value.

• Add—Adds the selected URL pattern value.

Select an option.

URL Category Name

Displays only predefined URL categories.

Enter a URL category name.

Available Values

Displays only predefined URL categories from the SurfControl server. You can also configure URLs. The URLs configured in the URL pattern list are displayed here.

Select a value to associate it with the URL category name.

UTM policy name

Displays the UTM policy name.

Anti-Spam

Displays the Anti-Spam profile.

Content filtering

Displays the content filtering profiles.

Session per client limit

Specifies the session per client limit.

Enter a value from 0 through 20000.

FTP upload profile

Specifies the UTM policy for the FTP protocol to be scanned.

Select the check box.

IMAP profile

Specifies the UTM policy for the IMAP protocol to be scanned.

Select the check box.

POP3 profile

Specifies the UTM policy for the POP3 protocol to be scanned.

Select the check box.

HTTP profile

Specifies the UTM policy for the HTTP protocol to be scanned.

Select an option from the list.

SMTP profile

Specifies the UTM policy for the SMTP protocol to be scanned.

Select an option from the list.

HTTP profile

Specifies the UTM policy for the HTTP protocol to be scanned.

Select an option from the list.

FTP download profile

Specifies the UTM policy for the FTP protocol to be scanned.

Select an option from the list.

SMTP profile

Specifies the UTM policy for the SMTP protocol to be scanned.

Select an option from the list.

Name

Displays the field values for install or download operation.

URL

Specifies the predefined default URL used by the device to download the signature database.

Select the URL from the list.

Full Package

Enables the device to download the latest security package with the full set of attack signature tables from the portal.

Select the check box.

Do not set to active after installed

Specifies whether or not to activate the installed security package.

Select the check box.

Install Status

Shows the security package install status in the message box.

Select Install Status from the Check Status list.

URL Setting

Specifies the predefined default URL used by the device to download the signature database.

Click URL Setting and type a URL

Note: The URL configured in the URL Setting window is displayed by default in the Download window.

Interval

Specifies the time interval for automatic download.

Enter an integer.

Enable Schedule Update

Enables the auto-download settings feature.

Select the check box to activate automatic download settings.

Minimum Log Supercade

Specifies the minimum number of logs to trigger the signature hierarchy feature.

Enter an integer.

Cache Size

Specifies the size of the cache memory (MB) where IDP stores log records.

Enter an integer.

Include Destination Address

Specifies to combine log records for events with a matching source address.

Select an option from the list.

Max Time Report

Specifies the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default.

Enter an integer.

ignore Reassembly Memory Overflow

Specifies if the user has to allow per-flow reassembly memory to go out of limit.

Select an option from the list.

Max Packet Memory

Specifies maximum packet memory for TCP reassembly in kilobytes.

Enter an integer.

Select Advanced and click Edit and update the following fields.

Log Errors

Specifies if the flow errors have to be logged.

Select an option from the list.

Hash Table Size

Specifies the hash table size. The default value is 1024.

Enter a value.

Reject Timeout

Specifies the amount of time in milliseconds within which a response must be received.

Enter a value.

Enable Packet Pool

Specifies if the packet pool is enabled to be used when the current pool is exhausted.

Select an option from the list.

GTP Decapsulation

Specifies if the number of packets that are GPRS tunneling protocol (GTP) packets are decapsulated.

Select an option from the list.

Ignore Regular Expression

Specifies if the sensor has to bypass DFA and PCRE matching.

Select an option from the list.

Process Override

Specifies if the sensor has to execute protocol decoders even without an IDP policy.

Select an option from the list.

IPS FIFO Max Size

Specifies the maximum allocated size of the IPS FIFO.

Enter an integer.

Protocol

Specifies the name of the protocol to enable or disable the detector.

Select the name of the protocol from the list.

Tunable Value

Specifies the value of the tunable parameter to enable or disable the protocol detector for each of the services.

Enter the protocol value of the specific tunable parameter.