SRX 시리즈 방화벽의 서비스 상태 모니터링
Juniper Mist™ 클라우드 포털에서 주니퍼 네트웍스® SRX 시리즈 방화벽에 있는 다음 기능의 서비스 상태를 모니터링할 수 있습니다.
-
EWF(Enhanced Web Filtering)
-
Idp
-
애플리케이션 보안
이 기능을 사용하려면 SRX 시리즈 방화벽에 대한 유효한 라이선스가 필요합니다. 라이선스 요구 사항 및 설치에 대한 자세한 내용은 주니퍼 라이선스 사용자 가이드를 참조하십시오.
SRX 시리즈 방화벽에서 명령을 사용하여 show system license
만료 날짜와 함께 라이선스 이름을 표시합니다.
user@host> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed anti_spam_key_sbl 0 1 0 2022-04-28 00:00:00 UTC idp-sig 0 1 0 2022-04-28 00:00:00 UTC dynamic-vpn 0 2 0 permanent av_key_sophos_engine 0 1 0 2022-04-28 00:00:00 UTC logical-system 1 3 0 permanent wf_key_websense_ewf 0 1 0 2022-04-28 00:00:00 UTC remote-access-ipsec-vpn-client 0 2 0 permanent Licenses installed: License identifier: DemoLabJUNOS386107562 License version: 4 Valid for device: CV4720AF0436 Customer ID: Juniper Internal Features: av_key_sophos_engine - Anti Virus with Sophos Engine date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC anti_spam_key_sbl - Anti-Spam date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC idp-sig - IDP Signature date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC wf_key_websense_ewf - Web Filtering EWF date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC
Check EWF Status
To check Enhanced Web Filtering (EWF) configuration status:
- Confirm if EWF is enabled on your SRX Series Firewall in CLI operational mode:
user@host> show security utm web-filtering status UTM web-filtering status: Server status: no-config root@00c52c4c3204>
The Server status: no-config indicates that the EWF is not configured.
- Configure EWF on your SRX Series Firewall using the CLI at the [edit] hierarchy level. Use configuration mode and commit the configuration.
Note:
We've captured the following configuration from a lab environment and provided it for reference purposes only. Your own configuration may vary based on the specific requirements of your environment.
[edit] set system syslog file utm-log any any set system syslog file utm-log match RT_UTM set security utm custom-objects url-pattern blacklist value https://*.poki.com set security utm custom-objects custom-url-category restricted value blacklist set security utm default-configuration anti-virus type sophos-engine set security utm default-configuration anti-virus scan-options uri-check set security utm default-configuration anti-virus scan-options timeout 30 set security utm default-configuration anti-virus sophos-engine sxl-timeout 5 set security utm default-configuration web-filtering url-blacklist restricted set security utm default-configuration web-filtering type juniper-enhanced set security utm default-configuration web-filtering juniper-enhanced server host rp.cloud.threatseeker.com set security utm default-configuration web-filtering juniper-enhanced server port 80 set security utm default-configuration web-filtering juniper-enhanced default permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Games action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Gambling action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Abused_Drugs action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Adult_Content action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Adult_Material action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Advanced_Malware_Command_and_Control action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Advanced_Malware_Payloads action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Bot_Networks action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Compromised_Websites action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Drugs action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Emerging_Exploits action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Files_Containing_Passwords action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Hacking action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Illegal_or_Questionable action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Keyloggers action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Malicious_Embedded_Link action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Malicious_Embedded_iFrame action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Malicious_Web_Sites action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Militancy_and_Extremist action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Mobile_Malware action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Network_Errors action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Newly_Registered_Websites action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Pay_to_Surf action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Phishing_and_Other_Frauds action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Potentially_Damaging_Content action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Potentially_Exploited_Documents action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Potentially_Unwanted_Software action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Racism_and_Hate action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Spyware action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Suspicious_Content action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Suspicious_Embedded_Link action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Unauthorized_Mobile_Marketplaces action block set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Alcohol_and_Tobacco action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Application_and_Software_Download action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Bandwidth action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Computer_Security action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Custom_Encrypted_Payloads action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Elevated_Exposure action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Entertainment action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Entertainment_Video action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_File_Download_Servers action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Freeware_and_Software_Download action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Instant_Messaging action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Internet_Auctions action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Internet_Radio_and_TV action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Intolerance action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Lingerie_and_Swimsuit action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Marijuana action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Media_File_Download action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Message_Boards_and_Forums action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Non_Traditional_Religions action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Non_Traditional_Religions_and_Occult_and_Folklore action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Nudity action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Parked_Domain action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Peer_to_Peer_File_Sharing action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Personals_and_Dating action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Prescribed_Medications action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Private_IP_Addresses action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Pro_Choice action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Pro_Life action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Proxy_Avoidance action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Sex action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Sex_Education action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Social_Networking_and_Personal_Sites action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Surveillance action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Tasteless action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Violence action log-and-permit set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Web_and_Email_Spam action log-and-permit set security utm utm-policy custom-utm-policy anti-virus http-profile junos-av-defaults set security utm utm-policy custom-utm-policy web-filtering http-profile wf-home
-
Check the status in CLI operational mode.
user@host> show security utm web-filtering status UTM web-filtering status: Server status: Juniper Enhanced using Websense server UP
Now, the status changes to Server status: Juniper Enhanced using Websense server UP. This status indicates that the EWF service is enabled on your device.
- You can check the status in the Juniper Mist cloud portal as shown in Figure 1.
Check IDP Status
Before configuring Intrusion Detection and Prevention (IDP) you need to download and install the IDP security package using the following steps:
-
Download the IDP package using the instructions in request security idp security-package download command.
-
Install the package using the instructions in request security idp security-package install command.
This example uses the IDP templates which you download and install as follows: .
- Download IDP template using the instructions in request security idp security-package download policy-templates command.
- Install the templates using the instructions in request security idp security-package install policy-templates command.
- Activate the template commit script
[edit] user@host-1# set system scripts commit file templates.xsl
The downloaded templates are saved to the Junos OS configuration database, and they are available in the CLI at the
[edit security idp idp-policy]
hierarchy level. Activate the predefined policy as the active policy. In this example, you use
Recommended
policy as active policy.[edit] user@host-1# set security idp default-policy Recommended user@host-1# set security idp active-policy Recommended
- Enable the IDP policy in your configuration. Following snippet shows a configuration example.
set security idp idp-policy idpengine rulebase-ips rule 1 match from-zone any set security idp idp-policy idpengine rulebase-ips rule 1 match source-address any set security idp idp-policy idpengine rulebase-ips rule 1 match to-zone any set security idp idp-policy idpengine rulebase-ips rule 1 match destination-address any set security idp idp-policy idpengine rulebase-ips rule 1 match application junos-echo set security idp idp-policy idpengine rulebase-ips rule 1 match attacks predefined-attack-groups Critical
- Use the following commands in operational mode to check for the IDP policy status:
- Recommended IDP policy:
show security idp policies
: - Policy name:
show security idp policies
- IDP status:
show security idp status
- Check the IDP status in Juniper Mist Cloud portal as shown in Figure 1 .
- Recommended IDP policy:
애플리케이션 보안 구성
SRX 시리즈 방화벽에서 애플리케이션 보안은 유효한 라이선스가 있는 경우 기본적으로 활성화됩니다. OC 팀은 모든 장치에 최신 애플리케이션 서명 버전이 있는지 확인합니다. 버전을 변경하거나 사용자 지정 버전을 설치하려면 응용 프로그램 식별을 위해 미리 정의된 응용 프로그램 서명을 참조하십시오.
Juniper Mist 클라우드 포털에서 보안 서비스 상태 보기
Juniper Mist 클라우드 포털의 보안 서비스 패널에서 보안 서비스 상태를 볼 수 있습니다. 표 1 은 상태에 대한 세부 정보를 제공합니다.
보안 서비스 | 표시 상태 | 의미 |
---|---|---|
Ewf | 사용 | Websense 서버에 대한 연결이 작동 중입니다. |
비활성화 | 디바이스에 EWF가 구성되어 있지 않습니다. | |
아래로 | Websense 서버에 대한 연결이 끊어졌습니다. | |
Idp | 사용 | 침입 탐지 및 방지(IDP)가 구성되고 침입 탐지 및 방지(IDP) 정책이 적용됩니다. |
비활성화 | 침입 탐지 및 방지(IDP)가 구성되지 않았습니다. 이 경우 침입 탐지 및 방지(IDP) 정책 이름이 공백으로 표시됩니다. | |
애플리케이션 보안 | 사용 | 애플리케이션 보안이 활성화되어 있습니다. 애플리케이션 서명 버전이 표시됩니다. |
비활성화 | 응용 프로그램 보안을 사용할 수 없습니다. 애플리케이션 서명 버전은 0으로 표시됩니다. |
그림 1 은 Juniper Mist 클라우드 포털의 보안 서비스 상태를 보여줍니다.
유효한 라이선스의 유무 및 보안 서비스의 상태와 같은 세부 정보를 얻을 수 있습니다.
"service_status": { "idp_status": "disabled", // either "enabled" or "disabled" "idp_policy": "", // if the above is disabled this will be empty "appid_status": "disabled", // either "enabled" or "disabled" "ewf_status": "disabled", // either "enabled" (websense up), "disabled" (no config) or "down" (websense down) "appid_version": 0 // this will be 0 if appid_status is disabled, as we then don't check the version number },