
    Configure the Advanced Anti-Malware Policy on the SRX Series Device

    These instructions assume you are familiar with basic SRX Series device setup and configuration. For example, zone names must be configured before you proceed with the following sections. For that information, refer to the SRX Series documentation.

    1. Set the policy name and enter the threshold for blocking malicious files:

      set services advanced-anti-malware policy <policy_name> verdict-threshold <number or recommended>

      Example: set services advanced-anti-malware policy aamw_policy1 verdict-threshold recommended

      Note: For the threshold number, you can enter a value from 1 to 10. If you don’t know what to enter, you can use “recommended” in place of a number, and the default (7) will be used.

    2. Configure an action to take when the verdict threshold for a file has been reached, and log that action:

      set services advanced-anti-malware policy <policy_name> <protocol> action <permit, deny> notification <log>

      Example: set services advanced-anti-malware policy aamw_policy1 http action permit notification log

      Note: For the SMTP protocol, the action is configured in the Web UI.

    3. Associate the policy with the device profile so files are sent for inspection. (A default profile is shipped with Sky ATP. You can configure your own profile using the Web UI):

      set services advanced-anti-malware policy <policy_name> <protocol> inspection-profile <profile-name>

      Example: set services advanced-anti-malware policy aamw_policy1 http inspection-profile default_profile

    4. Enable the advanced anti-malware application policy in the firewall policy:

      set security policies from-zone <zone1> to-zone <zone2> policy <firewall-policy-name> then permit application-services advanced-anti-malware-policy <policy_name>

      Example: set security policies from-zone zone1 to-zone zone2 policy firewall-policy1 match source-address any

      set security policies from-zone zone1 to-zone zone2 policy firewall-policy1 match destination-address any

      set security policies from-zone zone1 to-zone zone2 policy firewall-policy1 match application any

      set security policies from-zone zone1 to-zone zone2 policy firewall-policy1 then permit application-services advanced-anti-malware-policy aamw_policy1
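A policy that skips one of the four steps above inspects nothing or logs nothing. The following check is an added example, not part of the Juniper documentation: it reads a configuration in the set-command form used on this page and reports, per anti-malware policy, which step is missing or invalid. The function name `audit` and the sample policy `aamw_policy2` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in set-command form. aamw_policy1 uses this page's example
# values; aamw_policy2 is a made-up, incomplete policy for illustration.
SAMPLE = """\
set services advanced-anti-malware policy aamw_policy1 verdict-threshold recommended
set services advanced-anti-malware policy aamw_policy1 http action permit notification log
set services advanced-anti-malware policy aamw_policy1 http inspection-profile default_profile
set security policies from-zone zone1 to-zone zone2 policy firewall-policy1 then permit application-services advanced-anti-malware-policy aamw_policy1
set services advanced-anti-malware policy aamw_policy2 verdict-threshold 11
set services advanced-anti-malware policy aamw_policy2 http action permit
"""
AAMW = re.compile(r"^set services advanced-anti-malware policy (\S+) (.+)$")
ATTACH = re.compile(r"^set security policies from-zone \S+ to-zone \S+ policy \S+ then "
                    r"permit application-services advanced-anti-malware-policy (\S+)$")
FEATURES = ("action", "notification log", "inspection-profile")  # steps 2 and 3

def audit(config):
    """Map each anti-malware policy name to a list of missing or invalid settings."""
    seen = defaultdict(lambda: {"threshold": None, "protos": {}})
    attached = set()
    for line in map(str.strip, config.splitlines()):
        if m := ATTACH.match(line):
            attached.add(m.group(1))                      # step 4 reference
        elif m := AAMW.match(line):
            tok, p = m.group(2).split(), seen[m.group(1)]
            if tok[0] == "verdict-threshold":
                p["threshold"] = tok[-1]
            else:  # "<protocol> ..." line; one line may carry several statements
                rest = " " + " ".join(tok[1:]) + " "
                p["protos"].setdefault(tok[0], set()).update(f for f in FEATURES if f" {f} " in rest)
    report = {}
    for name, p in seen.items():
        t, issues = p["threshold"], []
        if t is None:
            issues.append("no verdict-threshold")
        elif t != "recommended" and not (t.isdigit() and 1 <= int(t) <= 10):
            issues.append(f"verdict-threshold {t} is not 1-10 or recommended")
        if not p["protos"]:
            issues.append("no protocol action configured")
        for proto, have in sorted(p["protos"].items()):
            issues += [f"{proto}: missing {f}" for f in FEATURES if f not in have]
        if name not in attached:
            issues.append("not attached to any firewall policy")
        report[name] = issues
    return report
```

`audit(SAMPLE)` returns an empty list for `aamw_policy1` and four findings for `aamw_policy2`.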

    Modified: 2017-10-10