[Next][Report an Error]

J-Web Configuration

To configure antivirus protection using the J-Web configuration editor, you must first create your custom objects (MIME Pattern List, Filename Extension List, URL Pattern List, and Custom URL Category List).

Configure a MIME Pattern List Custom Object as follows :

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the MIME Pattern List tab, click the Add button to create MIME pattern lists.
  3. In the Add MIME Pattern pop-up window, next to MIME Pattern Name, enter a unique name for the list you are creating.

    Keep in mind that you are creating a MIME white list and a MIME exception list (if necessary). Both MIME lists appear in the MIME Whitelist and Exception MIME Whitelist fields when you configure antivirus. Therefore, the MIME list names you create should be as descriptive as possible.

  4. Next to MIME Pattern Value, enter the MIME pattern.
  5. Click Add to add your MIME pattern to the Values list box.

    Within this box, you can also select an entry and use the Delete button to delete it from the list. Continue to add MIME patterns in this manner.

  6. Optionally, create a new MIME list to act as an exception list.

    The exception list is generally a subset of the main MIME list.

  7. Click OK to save the selected values as part of the MIME list you have created.
  8. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Configure a Filename Extension List Custom Object as follows :

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the Filename Extension List tab, click the Add button to create filename extension lists.
  3. Next to File Extension Name, enter a unique name for the list you are creating.

    This name appears in the Scan Option By Extension list when you configure an antivirus profile.

  4. In the Available Values box, select one or more default values (press Shift to select multiple concurrent items or press Ctrl to select multiple separate items) and click the right arrow button to move the value or values to the Selected Values box.
  5. Click OK to save the selected values as part of the extension list you have created.
  6. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Configure a URL Pattern List Custom Object as follows:

Note: Because you use URL Pattern Lists to create Custom URL Category Lists, you must configure URL Pattern List Custom Objects before you configure a Custom URL Category List.

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the URL Pattern List tab, click the Add button to create URL pattern lists.
  3. Next to URL Pattern Name, enter a unique name for the list you are creating. This name appears in the Custom URL Category List Custom Object page for selection.
  4. Next to URL Pattern Value, enter the URL or IP address you want added to the list for bypassing scanning.

    Note: URL pattern wildcard support—The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use “*” if it is at the beginning of the URL and is followed by a “.”. You can only use “?” at the end of the URL.

    The following wildcard syntax IS supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.

  5. Click Add to add your URL pattern to the Values list box.

    The list can contain up to 8192 items. You can also select an entry and use the Delete button to delete it from the list. Continue to add URLs or IP addresses in this manner.

  6. Click OK to save the selected values as part of the URL pattern list you have created.
  7. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Configure a Custom URL Category List Custom Object as follows .

Note: Because you use URL Pattern Lists to create Custom URL Category Lists, you must configure URL Pattern List Custom Objects before you configure a Custom URL Category List. URL Pattern List Custom Objects are described in the previous section.

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the URL Category List tab, click Add to create URL category lists.
  3. Next to URL Category Name, enter a unique name for the list you are creating. This name appears in the URL Whitelist list when you configure antivirus global options.
  4. In the Available Values box, select a URL Pattern List name from the list for bypassing scanning and click the right arrow button to move it to the Selected Values box.
  5. Click OK to save the selected values as part of the custom URL list you have created.
  6. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Now that your custom objects have been created, you can configure the antivirus feature profile.

  1. Select Configure>Security>UTM>Global options.
  2. In the Anti-Virus tab, next to MIME whitelist, select the custom object you created from the list.
  3. Next to Exception MIME whitelist, select the custom object you created from the list.
  4. Next to URL Whitelist, select the custom object you created from the list.
  5. In the Engine Type section, select the type of engine you are using.

    For full antivirus protection, you should select Kaspersky Lab.

  6. In the Kaspersky Lab Engine Option section, enter the URL for the pattern database in the Pattern update URL box.

    Note that the URL is http://update.juniper-updates.net/AV/<device version> and you should not change it.

  7. Next to Pattern update interval, enter the time interval, in seconds, for automatically updating the pattern database in the box.

    The default interval is 60.

  8. Select whether you want the pattern file to update automatically (Auto update) or not (No Auto update).
  9. Click OK to save the selected values.
  10. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in a pop-up window that appears to discover why.
  11. Select Anti-Virus, under Security, in the left pane.
  12. Click Add in the right window to create a profile for the antivirus Kaspersky Lab Engine. (To edit an existing item, select it and click the Edit button.)
  13. Next to Profile name, enter a unique name for this antivirus profile.
  14. Select the Profile Type.

    In this case, select Kaspersky.

  15. Next to Trickling timeout, enter timeout parameters. Note that trickling applies only to HTTP. HTTP trickling is a mechanism used to prevent the HTTP client or server from timing out during a file transfer or during antivirus scanning.
  16. Next to Intelligent prescreening, select Yes or No.

    Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP, and HTTP POST).

  17. In the Scan Options section, next to Intelligent prescreening, select Yes if you are using it. .

    Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP, and HTTP POST).

  18. Next to Content Size Limit, enter content size parameters. The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.
  19. Next to Scan engine timeout, enter scanning timeout parameters.

  20. Next to Decompress Layer Limit, enter decompression layer limit parameters.
  21. In the Scan mode section, select either Scan all files, if you are scanning all content, or Scan files with specified extension, if you are scanning by file extensions.

    If you select Scan files with specified extension, you must select a filename extension list custom object from the Scan engine filename extention list that appears .

  22. Select the Fallback settings tab.
  23. Next to Default (fallback option), select Log and permit or Block from the list.

    Note that in most cases, Block is the default fallback option.

  24. Next to Corrupt File (fallback option), select Log and permit or Block from the list.
  25. Next to Password File (fallback option), select Log and permit or Block from the list.
  26. Next to Decompress Layer (fallback option), select Log and permit or Block from the list.
  27. Next to Content Size (fallback option), select Log and permit or Block from the list.
  28. Next to Engine Not Ready (fallback option), select Log and permit or Block from the list.
  29. Next to Timeout (fallback option), select Log and permit or Block from the list.
  30. Next to Out Of Resources (fallback option), select Log and permit or Block from the list.
  31. Next to Too Many Request (fallback option), select Log and permit or Block from the list.
  32. Select the Notification options tab.
  33. In the Fallback block section, next to Notification type, select Protocol Only or Message to select the type of notification that is sent when a fallback option of block is triggered.
  34. Next to Notify mail sender, select Yes or No.
  35. If you selected Yes, next to Custom Message, enter text for the message body of your custom message for this notification (if you are using a custom message).
  36. Next to Custom message subject, enter text to appear in the subject line of your custom message for this notification (if you are using a custom message).
  37. In the Fallback non block section, next to Notify mail recipient, select Yes or No.
  38. If you selected Yes, next to Custom Message, enter text for the message body of your custom message for this notification (if you are using a custom message).
  39. Next to Custom message subject, enter text to appear in the subject line of your custom message for this notification (if you are using a custom message).
  40. Select the Notification options cont tab.
  41. In the Virus detection section, next to Notification type, select Protocol Only or Message to select the type of notification that is sent when a fallback option of block is triggered.
  42. Next to Notify mail sender, select Yes or No.
  43. If you selected Yes, next to Custom Message, enter text for the message body of your custom message for this notification (if you are using a custom message).
  44. Next to Custom message subject, enter text to appear in the subject line of your custom message for this notification (if you are using a custom message).

    The limit is 255 characters.

  45. Click OK .
  46. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

    Note: You create a separate antivirus profile for each antivirus protocol. These profiles may basically contain the same configuration information, but when you are creating your UTM policy for an antivirus profile, the UTM policy configuration page provides separate antivirus profile selection fields for each supported protocol.

Next, you configure a UTM policy for antivirus to which you attach the antivirus profile you have configured.

  1. Select Configure>Security>Policy>UTM Policies.
  2. From the UTM policy configuration window, click Add to configure a UTM policy.

    This takes you to the policy configuration pop-up window.

  3. Select the Main tab in pop-up window.
  4. In the Policy name box, enter a unique name for the UTM policy you are creating.
  5. In the Session per client limit box, enter a session per client limit from 0 to 20000 for this UTM policy.
  6. For Session per client over limit, select one of the following: Log and permit, Block.

    This is the action the device takes when the session per client limit for this UTM policy is exceeded.

  7. Select the Anti-Virus profiles tab in the pop-up window.
  8. Select the appropriate profile you have configured from the list for the corresponding protocol listed.
  9. Click OK.
  10. If the policy is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Next, you attach the UTM policy to a security policy that you create.

  1. Select Configure>Security>Policy>FW Policies.
  2. From the Security Policy window , click Add to configure a security policy with UTM.

    This takes you to the policy configuration pop-up window.

  3. In the Policy tab, enter a name in the Policy Name box.
  4. Next to From Zone, select a zone from the list.
  5. Next to To Zone, select a zone from the list.
  6. Choose a Source Address.
  7. Choose a Destination Address.
  8. Choose an Application.

    Do this by selecting junos-<protocol> (for all protocols that support antivirus scanning) in the Application Sets box and clicking the right arrow —> button to move them to the Matched box.

  9. Next to Policy Action, select Permit.

    Note: When you select Permit for Policy Action, several additional fields become available in the Applications Services tab, including UTM Policy.

  10. Select the Application Services tab in the pop-up window.
  11. Next to UTM Policy, select the appropriate policy from the list.

    This attaches your UTM policy to the security policy.

    Note: There are several fields on this page that are not described in this section. See the Security Policies section for detailed information on configuring security policies and all the available fields.

  12. Click OK to save your policy.
  13. If the policy is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.

    You must activate your new policy to apply it.


[Next][Report an Error]