
Default Configuration Page Options

 

The Default Configuration page describes the security features of Unified Threat Management (UTM).

This default configuration is used if multiple UTM policies are present in the potential list. The global configuration is used until an exact match is found in the potential list.

The following security features are parts of UTM default configuration:

  • Sophos Antivirus—Sophos antivirus is an in-the-cloud antivirus solution. The virus pattern and malware database is located on external servers maintained by Sophos (Sophos Extensible List servers).

  • Web filtering—Web filtering lets you manage Internet usage by preventing access to inappropriate Web content.

  • Antispam—This feature examines transmitted messages to identify any e-mail spam.

  • Content filtering— This feature blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type.

  1. Select Configure>Security>UTM>Default Configuration in the J-Web user interface.

    The Default Configuration page appears. Table 193 explains the contents of this page.

  2. Click one:
    • Anti-Virus—Select this tab to view or create anti-virus configuration. Enter information as specified in Table 194.

    • Web Filtering —Select this tab to view or create the web filtering configuration. Enter information as specified in Table 194.

    • Anti-Spam —Select this tab to view or create the anti-spam configuration. Enter information as specified in Table 194.

    • Content-Filtering—Select this tab to view or create the content filtering configuration. Enter information as specified in Table 194.

  3. Click the Commit icon at the top of the J-Web page. The following commit options are displayed.

    • Commit—Commits the configuration and returns to the main configuration page.

    • Compare—Enables you to see the configuration changes that you have performed in the Show Pending Changes.

    • Discard—Discards the configuration changes you performed in the J-Web.

    • Preferences—There are two tabs:

      • Commit preferences— You can choose to just validate or validate and commit the changes.

      • Confirm commit timeout (in min)— You can select the timeout interval.

Table 193: Default Configuration main page

Field

Function

Anti-Virus

Displays the configured antivirus. You can also configure an antivirus.

Web Filtering

Displays the configured web filtering. You can also configure a web filtering.

Anti-Spam

Displays the configured antispam. You can also configure an anti-spam.

Content-Filtering

Displays the configured content filtering. You can also configure a content filtering.

Table 194: Default configuration option page

Field

Function

Action

Create antivirus

Type

Displays the anti-virus engine type.

Select the required engine type:

  • Anti-Virus None

  • Sophos Engine

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Select the customized object from the list.

MIME Whitelist

List

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Exception

Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist.

Select the customized object from the list.

Sophos Engine options
General Settings

Timeout

Specify the Sophos antivirus engine timeout.

Select a time in the range of 1 to 5 seconds.

Retry

Specify the number of times to retry the Sophos antivirus engine query.

Select the number of retries, from 1 to 5.

Server

Server IP

Specify the DNS Server IP.

Enter a valid DNS server IP address.

Routing Instance

Specify the name of the routing instance.

Select a valid routing instance name.

Pattern Update

URL

Specifies the URL of the database server.

Enter the URL for the pattern database.

Routing Instance

Specifies the routing instance name.

Select a routing instance from the drop-down list. Routing instances can be defined under 'Configure / Network / Routing Instance'.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Proxy Profile

Specify the name of the proxy profile.

Select the proxy profile for antivirus.

Create Proxy Profile

Profile Name

Specifies the proxy profile name.

Enter a valid profile name.

Connection Type

Specifies the type of connection.

Select any one option from the following:

  • Server IP— Enter the server IP address.

  • Host Name— Enter the host name.

Port Number

Specifies the port number.

Enter the port number in the range 0 to 65535.

Email Notify

Admin Email

Specify the admin e-mail address to be notified about the pattern file update.

Enter a valid admin e-mail ID.

Custom Message subject

Specify the custom message subject for notification.

Enter the subject of the custom message.

Custom Message

Displays the custom message for notification.

Enter the custom message for notification.

Fallback Settings

Default

Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Content Size

Specifies the fallback action taken when the content exceeds the content size limit.

Select from the following: permit, block, log and permit.

Engine-not-ready

Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit.

Select from the following: permit, block, log and permit.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking.

Select Log and Permit. The default action is Block.

Out-of-resources

Specifies the resource constraints error received during virus scanning. This error can be sent by the scan engine (as a scan-code) or by the scan manager. When an out-of-resources error occurs, scanning is aborted. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Too-many-requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Scan Option

URI Check

Specify the antivirus URI check.

Enable the URI check.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 40,000 KB.

Timeout

Specifies the time between when a scan request is generated and when the scan result is returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Trickling

Trickling Timeout

Displays the trickling timeout interval.

Enter the time interval from 0 through 600 seconds.

Virus Detection

Type

Specifies the type of notification to be sent when a virus is detected.

Select Protocol Only or Message option.

Notify Mail Sender

Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected.

Select yes to send a notification and no to not send a notification.

Custom Message Subject

Specifies the subject line text for your custom message for the virus detection notification.

Enter the subject line text for your custom message.

Custom Message

Specifies the customized message text for the virus detection notification.

Enter the text for this custom notification message.

Fallback Block

Type

Specifies the type of notification sent when a fallback option of block is triggered.

Select the Protocol Only or the Message check box.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box to enable this notification.

Custom Message

Specifies the customized message text for the fallback block notification.

Enter the text for this custom notification message.

Custom Message Subject

Specifies the subject line text for your custom message for the fallback block notification.

Enter the subject line text for your custom message.

Fallback Non Block  

Notify Mail Recipient

Notify mail sender

Custom Message

Specifies the customized message text for the fallback nonblock notification.

Enter the text for this custom notification message.

Custom Message Subject

Specifies the subject line for your custom message for the fallback nonblock notification.

Enter the subject line text for your custom message.

Create Web filtering

HTTP persist

Configure the web-filtering engine type

Enable/Disable the option.

HTTP Reassemble

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Reassemble HTTP request segments

Type

Specifies a unique customized list of all URLs or IP addresses for a given category that are scanned for blacklisting.

Select from the drop down list:

  • Juniper Enhanced

  • Juniper Local

  • Websense Redirect

URL Blacklist

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Configure custom URL for blacklist category

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are scanned for blacklisting.

Configure custom URL for whitelist category

Juniper Enhanced Options

Specifies that the Juniper Enhanced Web filtering intercepts the HTTP and the HTTPS requests and sends the HTTP URL or the HTTPS source IP to the Websense ThreatSeeker Cloud (TSC).

Global

Base Filter

Select the base filter from the drop down list.

Select the base filter from the drop down list.

Custom Block Message

Specify the Juniper Enhanced custom block message sent to the HTTP client.

Enter a message to be displayed when content is blocked.

Default Action

Juniper enhanced profile default.

Select Log and Permit. The default action is Log and Permit.

No Safe Search

Specifies not to perform safe-search for Juniper enhanced protocol.

Enable/Disable this option to choose this type of search.

Note: Do not perform safe-search for Juniper enhanced protocol

Quarantine Custom Message

Juniper enhanced quarantine custom message.

Enter the quarantine custom message.

Timeout

Juniper enhanced timeout.

Select a timeout interval from 1 to 1800 seconds.

Cache

Size

Specify the Juniper Enhanced cache size.

Select a cache size from 0 to 4096 kilobytes.

Time out

Specify Juniper enhanced cache time out.

Select a timeout interval from 1 to 1800 seconds.

Block Messages

Type

Specify the type of block message.

Select the type of block message.

URL

Specify the URL of the block message.

Enter URL of the block messages.

Fallback Settings

Default

Specifies all errors other than the categorized settings. These could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Log and Permit.

Server-connectivity

Specifies that the server connection is not established during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Log and Permit.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the Web filtering profile, the processing is aborted and the content is passed or blocked without completing filtering.

Select Log and Permit. The default action is Log and Permit.

Too-many-requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Log and Permit.

Category

Specifies a unique customized list of categories.

  • Add (+)—Adds the selected category and the corresponding action to the list of available categories for the Juniper Enhanced Web Filtering profile.

  • Delete(X)—Deletes the selected category from the list of available categories for the Juniper Enhanced Web Filtering profile.

Select a category from the list.

Action

Specifies the action that the device must take for the category selected.

Select Permit, Log and Permit, or Block.

Quarantine Message

Type

Specify the type of quarantine message desired.

Select a type.

URL

URL of quarantine message.

Enter a valid URL.

Server

Host

Specifies the address of the host server.

Enter the address of the host server.

Port

Specifies the port number of the server.

Enter the port number of the server.

Routing Instance

Specify the routing instance name.

Select a routing instance.

Proxy Profile

Specify the proxy profile for Web filtering.

Create a Proxy profile

Site Reputation Action

Specify the action to be taken depending on the site reputation returned for all types of URLs whether it is categorized or uncategorized.

Displays the following options:

  • Very Safe– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 90 through 100 is returned.

  • Moderately Safe– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 80 through 89 is returned.

  • Fairly Safe– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 70 through 79 is returned.

  • Suspicious– Permit, log-and-permit, block, or quarantine a request if a site-reputation of 60 through 69 is returned.

  • Harmful– Permit, log-and-permit, block, or quarantine a request if a site-reputation of zero through 59 is returned.

Click Reset to position the slider to the recommended levels.

Juniper Local

Specify the Local profile type.

Select this option to use the Local profile type.

Websense Redirect

Account

Displays the user account for which this profile is intended.

Sockets

Displays the number of sockets used for communicating between the client and server.

Enter the number of sockets.

Delete All Default Configurations

Deletes all the configurations.

-

Create Anti-Spam

Address Whitelist

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Address Blacklist

Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist.

Select the customized object from the list.

Type

Specify the antispam type.

SBL settings

Custom Tag String

Specifies the custom string that is used to identify a spam message.

Enter a custom string for identifying a message as spam. By default, the device uses ***SPAM***.

SBL Default Server

Specifies the profile that uses SBL server. The SBL server is predefined on the device.

Select the check box if you are using the default server.

Spam Action

Displays the Spam action.

Select one of the following actions:

  • Block Email

  • Tag header email

  • Tag subject email.

Create Content Filtering

Click one:

  • Expand/Collapse- All

  • Edit- Edits the options.

  • Delete- Delete the option.

Permit Command List

Displays the permitted protocol command name.

Select the protocol command name to be permitted from the list.

Block Command List

Displays the blocked protocol command.

Select the protocol command name to be blocked from the list.

Block Extension List

Specifies the blocked extension list name.

Select the extension to be blocked from the list.

Block MIME List

Specifies the blocked MIME.

Select the MIME type from the list.

Block MIME Exception List

Specifies the blocked MIME list.

Select the MIME type to be excluded from the list.

Type

Specifies the content filtering type.

Select the type.

Block Content Type

Specifies the blocked content type.

  • activex

  • exe

  • http-cookie

  • java-applet

  • zip

Select the content type to be blocked.

Notification Options

Type

Specifies the type of notification sent when a content block is triggered.

Select the Protocol Only or the Message check box.

Notify Mail Sender

Specifies that when a virus is detected and a content block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box.

Custom Notification Message

Specifies the customized message text for the content-block notification.

Enter the text for this custom notification message (if you are using one).
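
The Fallback Settings rows in Table 194 decide whether content is blocked or passed when scanning or filtering cannot complete. As an added example (not part of the Juniper documentation), the following Python script overlays configured fallback actions on the defaults stated in the table and lists every failure condition that passes traffic without a verdict. The dictionary layout and lowercase key names are assumptions made for illustration, not a Junos export format.

```python
# Added example: audit UTM fallback actions for fail-open behaviour.
# Key names and dict layout are constructed here; this is not a Junos export format.

# Defaults as stated in Table 194 (None = the table states no default).
PAGE_DEFAULTS = {
    "anti-virus": {
        "default": "block", "content-size": None, "engine-not-ready": None,
        "timeout": "block", "out-of-resources": "block", "too-many-requests": "block",
    },
    "web-filtering": {
        "default": "log-and-permit", "server-connectivity": "log-and-permit",
        "timeout": "log-and-permit", "too-many-requests": "log-and-permit",
    },
}
FAIL_OPEN = {"permit", "log-and-permit"}  # content passes without a scan verdict
VALID_ACTIONS = FAIL_OPEN | {"block"}


def effective_fallbacks(configured):
    """Overlay explicitly configured actions on the page defaults."""
    merged = {}
    for feature, defaults in PAGE_DEFAULTS.items():
        overrides = configured.get(feature, {})
        unknown = set(overrides) - set(defaults)
        if unknown:
            raise ValueError(f"{feature}: unknown condition(s) {sorted(unknown)}")
        merged[feature] = {**defaults, **overrides}
    return merged


def audit(configured):
    """Return sorted (feature, condition, finding) for each condition that does not block."""
    findings = []
    for feature, actions in effective_fallbacks(configured).items():
        for condition, action in actions.items():
            if action is None:
                findings.append((feature, condition, "unspecified"))
            elif action not in VALID_ACTIONS:
                raise ValueError(f"{feature}/{condition}: invalid action {action!r}")
            elif action == "permit":
                findings.append((feature, condition, "fail-open, unlogged"))
            elif action == "log-and-permit":
                findings.append((feature, condition, "fail-open, logged"))
    return sorted(findings)


# Constructed sample: a device with a few fallback actions changed from the defaults.
SAMPLE = {
    "anti-virus": {"timeout": "log-and-permit", "content-size": "permit",
                   "engine-not-ready": "block"},
    "web-filtering": {"default": "block", "timeout": "block"},
}

if __name__ == "__main__":
    for feature, condition, finding in audit(SAMPLE):
        print(f"{feature:14} {condition:20} {finding}")
```

Calling `audit({})` reports what an untouched default configuration does: every web filtering failure condition passes traffic with a log entry, and the two antivirus conditions for which the table gives no default are flagged for manual review.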