Step 1: Begin
Meet Juniper Unified Threat Management
The Juniper Networks Unified Threat Management (UTM) solution provides comprehensive content security against malware, viruses, phishing attacks, intrusions, spam and other threats for SRX Series devices. By consolidating security features and services into one device or service, UTM streamlines the installation and management of Juniper’s expansive security solutions.
Most UTM features are available as a subscription service and require a license. In this guide, we walk you through how to activate your subscription and generate license keys, and how to install the license keys on your SRX Series devices. We also show you how to enable a default Avira Antivirus profile.
Here’s a summary of the UTM security features and which ones require licenses.
Antispam filtering allows you to tag or block unwanted email traffic by scanning inbound and outbound SMTP e-mail traffic. Antispam filtering allows you to use both a third-party server-based spam block list (SBL) and to optionally create your own local allowlists and blocklists for filtering against email messages. The antispam feature is not meant to replace your antispam server, but to complement it. To learn more about UTM Antispam filtering, see Antispam Filtering Overview.
There are two types of UTM Antivirus features: Sophos and Avira. Sophos antivirus is an in-the-cloud antivirus solution which offers decoding support for application layer protocols such as HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. To learn more about the UTM Sophos antivirus features, see Sophos Antivirus Protection. Avira antivirus is an on-device scan engine which scans network traffic for infected files, trojans, worms, spyware, and other malicious data, and immediately blocks the content. To learn more about the UTM Avira antivirus features, see On-Device Avira Antivirus.
Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, and protocol command. The content filter controls file transfers across the gateway by checking traffic against filter lists. To learn more about UTM content filtering, see Content Filtering Overview.
The UTM Web filtering module lets you manage Internet usage by preventing access to inappropriate Web content. There are three types of Web filtering: redirect Web filtering, local Web filtering, and enhanced Web filtering. Redirect and local Web filtering do not require a subscription license. To learn more about UTM Web filtering, see Web Filtering Overview.
Activate and Install UTM Subscriptions and Licenses
Once you’ve purchased your UTM subscription license(s), we’ll send you a Juniper Software Entitlement Certificate by email that contains an authorization code and Software Support Reference Number (SSRN). You’ll need these to activate your subscription and generate license keys for installing the subscription licenses on your SRX Series devices.
Check out this link for more information about UTM licensing: Understanding UTM Licensing.
Before You Begin
Install your SRX Series devices and verify you have network access. The quickest and easiest way to do this is to follow the three-step instructions in the Day One+ guide for your SRX Series model. See Day One +
Set up a Juniper Networks user account to access the Customer Support Center or Partner Center. If you don’t already have one, see Account Setup. If you need help with account registration, see Login Assistance.
(For hardware devices only), have the product serial number handy.
You can find the product serial number by running the
show chassis hardwarecommand through the J-Web Monitor Dashboard.
Verify that you’ve received the Juniper Software Entitlement Certificate we sent you in email. The certificate contains a 17-character activation code (sometimes referred to as authorization code or security key) and the SSRN.
You can also find the activation code by running the
show system licensecommand through the J-Web Monitor Dashboard.
The activation code expires in three days.
Here’s an example of the Juniper Software Entitlement Certificate.
Activate Your Subscription
- Log in to the Juniper Networks Agile Licensing Portal using the credentials you set up in your user account.
- On the home page, enter your activation code in the Activate
field and click Activate.
The Product Activation page displays.
- For hardware products, enter the device serial number
in the Device Serial Number field.
If the device serial number is not registered, you’ll be routed to the product registration page. Fill in the page to register your device. Only hardware devices need to be registered.
- In the Select an Option section, specify if you’re activating the license for yourself or on behalf of an end customer. Only channel partners will see the option for activating on behalf of an end customer.
- Enter the relevant email address in the Send License Key via E-mail field to email the license key.
- Select the I Agree with Terms & Conditions checkbox.
- Click Activate.
- Enter a new location or use the default address.
- Click Submit.
The Confirmation page displays to confirm that the subscription is activated.
- Click I’m Done to return to the Home
UTM will generate your license keys and send them to the email address you specified.
If you don’t receive the email message, check out the Troubleshooting section in the Juniper Knowledgebase article KB9861.
Here are a few things to note about activating a subscription:
The Entitlements section in the Juniper Agile Licensing portal lists the activation codes that are linked to your Juniper Networks company account and awaiting activation.
You use the Juniper Networks Agile Licensing Portal to activate perpetual and subscription software licenses.
During the activation process, the Juniper Networks Agile Licensing Portal also registers the products to your company.
Install the Subscription License on an SRX Series Device
Now that you've activated your UTM subscription and have your license keys, you’re ready to install the subscription license on your SRX Series device.
- Establish basic network connectivity with the SRX Series device.
- Run the set system license keys key name command.
The name parameter includes the license ID and the license key. For example:
user@device# set system license keys key “ANTI_SPAM_KEY_SBL” xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx"
To install multiple license keys, run the set system license keys key name command for each license key to install. For example:
user@device# set system license keys key "key_1"
set system license keys key "key_2"
set system license keys key "key_2"
set system license keys key "key_4"
- Commit the configuration.
- Verify that the license keys were installed.
user@device# show system license
root> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed anti_spam_key_sbl 0 1 0 2021-06-11 09:36:04 UTC av_key_sophos_engine 0 1 0 2021-06-11 09:36:04 UTC wf_key_websense_ewf 0 1 0 2021-06-11 09:36:04 UTC
You can also run the show system license command from operational mode.
For SRX300, SRX320, SRX340, SRX345, and SRX550M devices, reboot the device after you install the license(s). The SRX device reserves additional memory for UTM features. This decreases the session capacity.
For SRX4600, SRX5600 and SRX5800 devices, run the following command to manually reallocate the memory for UTM features:
user@host> set security forwarding-process application-services enable-utm-memory
Reboot the device for the configuration to take effect.
SRX1500, SRX4100 and SRX4200 devices have enough memory for UTM. You don’t need to allocate memory for these devices.
You’ll need to reinstall the license after installing or upgrading to a new Junos OS Release version. Unlicensed features, such as UTM blocklists and allowlists, will continue to function without a license.