feature-profile
構文
feature-profile { anti-spam { address-blacklist list-name; address-whitelist list-name; sbl { profile profile-name { custom-tag-string [string]; (sbl-default-server | no-sbl-default-server); spam-action (block | tag-header | tag-subject); } } traceoptions flag flag; } anti-virus { juniper-express-engine { pattern-update { email-notify { admin-email email-address; custom-message message; custom-message-subject message-subject; } interval value; no-autoupdate; proxy { password password-string; port port-number; server address-or-url; username name; } url url; } profile profile-name { fallback-options { content-size (block | log-and-permit); default (block | log-and-permit); engine-not-ready (block | log-and-permit); out-of-resources (block | (log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } notification-options { fallback-block { administrator-email email-address; allow-email; custom-message message; custom-message-subject message-subject; display-host; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } fallback-non-block { custom-message message; custom-message-subject message-subject; (notify-mail-recipient | no-notify-mail-recipient); } virus-detection { custom-message message; custom-message-subject message-subject; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } } scan-options { content-size-limit value; (intelligent-prescreening | no-intelligent-prescreening); timeout value; } trickling { timeout value; } } } kaspersky-lab-engine { pattern-update { email-notify { admin-email email-address; custom-message message; custom-message-subject message-subject; } interval value; no-autoupdate; proxy { password password-string; port port-number; server address-or-url; username name; } url url; } profile profile-name { fallback-options { content-size (block | log-and-permit); corrupt-file (block | log-and-permit); decompress-layer (block | log-and-permit); default (block | log-and-permit); engine-not-ready (block | log-and-permit); out-of-resources (block | (log-and-permit); password-file (block | (log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } notification-options { fallback-block { administrator-email email-address; allow-email; custom-message message; custom-message-subject message-subject; display-host; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } fallback-non-block { custom-message message; custom-message-subject message-subject; (notify-mail-recipient | no-notify-mail-recipient); } virus-detection { custom-message message; custom-message-subject message-subject; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } } scan-options { content-size-limit value; decompress-layer-limit value; (intelligent-prescreening | no-intelligent-prescreening); scan-extension filename; scan-mode (all | by-extension); timeout value; } trickling { timeout value; } } } mime-whitelist { exception listname; list listname { exception listname; } } sophos-engine { pattern-update { email-notify { admin-email email-address; custom-message message; custom-message-subject message-subject; } interval value; no-autoupdate; proxy { password password-string; port port-number; server address-or-url; username name; } url url; } profile <name> { fallback-options { content-size (block | log-and-permit | permit); default (block | log-and-permit | permit); engine-not-ready (block | log-and-permit | permit); out-of-resources (block | log-and-permit | permit); timeout (block | log-and-permit | permit); too-many-requests (block | log-and-permit | permit); } notification-options { fallback-block { administrator-email email-address; allow-email; custom-message message; custom-message-subject message-subject; display-host; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } fallback-non-block { custom-message message; custom-message-subject message-subject; (notify-mail-recipient | no-notify-mail-recipient); } virus-detection { custom-message message; custom-message-subject message-subject; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } } scan-options { content-size-limit value; (no-uri-check | uri-check); timeout value; } trickling { timeout value; } } sxl-retry value; sxl-timeout seconds; } traceoptions flag flag; type (juniper-express-engine | kaspersky-lab-engine | sophos-engine); url-whitelist listname; } content-filtering { profile profile-name { block-command protocol-command-list; block-content-type (activex | exe | http-cookie | java-applet | zip); block-extension extension-list; block-mime { exception list-name; list list-name; } notification-options { custom-message message; (notify-mail-sender | no-notify-mail-sender); type (message | protocol-only); } permit-command protocol-command-list; } traceoptions flag flag; } web-filtering { url-whitelist custwhitelist; url-blacklist custblacklist; http-reassemble; type juniper-enhanced; juniper-enhanced { cache { timeout 1800; size 500; } server { host rp.cloud.threatseeker.com; port 80; } profile junos-wf-enhanced-default { category { Enhanced_Hacking { action log-and-permit; } Enhanced_Government { action quarantine; } } site-reputation-action { very-safe permit; moderately-safe log-and-permit; fairly-safe log-and-permit; harmful block; suspicious block; } default block; custom-block-message "***access denied ***"; fallback-settings { default block; server-connectivity block; timeout block; too-many-requests block; } timeout 10; no-safe-search; } utm-policy mypolicy { web-filtering { http-profile my_ewfprofile01; } } } web-filtering { juniper-enhanced { cache { size value; timeout value; } profile profile-name { category customurl-list name { action (block | log-and-permit | permit | quarantine); } custom-block-message value; custom-quarantine-message value; default (block | log-and-permit | permit | quarantine); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } no-safe-search; site-reputation-action { fairly-safe (block | log-and-permit | permit | quarantine); harmful (block | log-and-permit | permit | quarantine); moderately-safe (block | log-and-permit | permit | quarantine); suspicious (block | log-and-permit | permit | quarantine); very-safe (block | log-and-permit | permit | quarantine); } timeout value; } server { host host-name; port number; } } juniper-local { profile profile-name { custom-block-message value; default (block | log-and-permit | permit); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } timeout value; no-safe-search; } } surf-control-integrated { cache { size value; timeout value; } profile profile-name { category customurl-list name { action (block | log-and-permit | permit); } custom-block-message value; default (block | log-and-permit | permit); fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } timeout value; } server { host host-name; port number; } } traceoptions flag flag; type (juniper-enhanced | juniper-local | surf-control-integrated | websense-redirect); url-blacklist listname; url-whitelist listname; websense-redirect { profile profile-name { account value; custom-block-message value; fallback-settings { default (block | log-and-permit); server-connectivity (block | log-and-permit); timeout (block | log-and-permit); too-many-requests (block | log-and-permit); } server { host host-name; port number; } sockets value; timeout value; no-safe-search; } } } }
階層レベル
[edit security utm default-configuration] [edit security utm]
説明
機能プロファイルを作成して、コンテンツセキュリティ機能、アンチウィルス、アンチスパム、コンテンツフィルタリング、および Web フィルタリングを設定します。
オプション
残りのステートメントについては、個別に説明します。 CLIエクスプローラを参照してください。
必要な権限レベル
セキュリティ—設定でこのステートメントを表示します。
セキュリティ管理ー設定にこのステートメントを追加します。
リリース情報
Junos OS リリース 21.4R1 以降、コンテンツの評価はファイル コンテンツに基づいて行われます。ファイルの種類ベースのコンテンツの評価は非推奨となり、関連する構成は非表示になっています。そのため、この階層のコンテンツフィルタリングオプションは非推奨であり、Junos OSリリース21.4R1ではサポートされていません。
強化されたコンテンツ フィルタ機能に移行したくない場合は、従来の機能を使用できます。レガシー構成の使用が許可されますが、すべてのレガシー構成ノブは非推奨であり、非表示になっています。また、従来の構成オプションを使用すると、システム ログとエラー メッセージの警告が表示されます。
カスペルスキー、エクスプレスアンチウイルス、サーフコントロール機能は、Junos OSリリース15.1X49-D10以降ではサポートされていません。以前のリリースでは、リリース9.5で導入されたステートメント。
Junos OS リリース 18.2R1 以降、 階層レベルの以下のコマンドは [edit security utm feature-profile]
非推奨です。
-
set web-filtering type
-
set web-filtering url-blacklist
-
set web-filtering url-whitelist
-
set web-filtering http-persist
-
set web-filtering http-reassemble
-
set web-filtering traceoptions
-
set web-filtering juniper-enhanced cache
-
set web-filtering juniper-enhanced reputation
-
set web-filtering juniper-enhanced query-type
-
set anti-virus mime-whitelist
-
set anti-virus url-whitelist
-
set anti-virus type
-
set anti-virus traceoptions
-
set anti-virus sophos-engine
-
set anti-spam address-blacklist
-
set anti-spam address-whitelist
-
set anti-spam traceoptions
-
set content-filtering traceoptions
no-safe-search
Junos OSリリース20.2R1のWebsenseリダイレクトとジュニパーローカルにオプションが追加されました。