Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Step 1: Begin

 

Meet Juniper Unified Threat Management

The Juniper Networks Unified Threat Management (UTM) solution provides comprehensive content security against malware, viruses, phishing attacks, intrusions, spam and other threats for SRX Series devices. By consolidating security features and services into one device or service, UTM streamlines the installation and management of Juniper’s expansive security solutions.

Most UTM features are available as a subscription service and require a license. In this guide, we walk you through how to activate your subscription and generate license keys, and how to install the license keys on your SRX Series devices. We also show you how to enable a default Avira Antivirus profile.

UTM Features

Here’s a summary of the UTM security features and which ones require licenses.

UTM Feature

Requires License

Description

Antispam filtering

Yes

Antispam filtering allows you to tag or block unwanted email traffic by scanning inbound and outbound SMTP e-mail traffic. Antispam filtering allows you to use both a third-party server-based spam block list (SBL) and to optionally create your own local allowlists and blocklists for filtering against email messages. The antispam feature is not meant to replace your antispam server, but to complement it. To learn more about UTM Antispam filtering, see Antispam Filtering Overview.

Antivirus

Yes

There are two types of UTM Antivirus features: Sophos and Avira. Sophos antivirus is an in-the-cloud antivirus solution which offers decoding support for application layer protocols such as HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. To learn more about the UTM Sophos antivirus features, see Sophos Antivirus Protection. Avira antivirus is an on-device scan engine which scans network traffic for infected files, trojans, worms, spyware, and other malicious data, and immediately blocks the content. To learn more about the UTM Avira antivirus features, see On-Device Avira Antivirus.

Content Filtering

No

Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, and protocol command. The content filter controls file transfers across the gateway by checking traffic against filter lists. To learn more about UTM content filtering, see Content Filtering Overview.

Web Filtering

Varies

The UTM Web filtering module lets you manage Internet usage by preventing access to inappropriate Web content. There are three types of Web filtering: redirect Web filtering, local Web filtering, and enhanced Web filtering. Redirect and local Web filtering do not require a subscription license. To learn more about UTM Web filtering, see Web Filtering Overview.

Activate and Install UTM Subscriptions and Licenses

Once you’ve purchased your UTM subscription license(s), we’ll send you a Juniper Software Entitlement Certificate by email that contains an authorization code and Software Support Reference Number (SSRN). You’ll need these to activate your subscription and generate license keys for installing the subscription licenses on your SRX Series devices.

Check out this link for more information about UTM licensing: Understanding UTM Licensing.

Before You Begin

  • Install your SRX Series devices and verify you have network access. The quickest and easiest way to do this is to follow the three-step instructions in the Day One+ guide for your SRX Series model. See Day One +

  • Set up a Juniper Networks user account to access the Customer Support Center or Partner Center. If you don’t already have one, see Account Setup. If you need help with account registration, see Login Assistance.

  • (For hardware devices only), have the product serial number handy.

    You can find the product serial number by running the show chassis hardware command through the J-Web Monitor Dashboard.

  • Verify that you’ve received the Juniper Software Entitlement Certificate we sent you in email. The certificate contains a 17-character activation code (sometimes referred to as authorization code or security key) and the SSRN.

    Note

    You can also find the activation code by running the show system license command through the J-Web Monitor Dashboard.

    Note

    The activation code expires in three days.

    Here’s an example of the Juniper Software Entitlement Certificate.

Activate Your Subscription

  1. Log in to the Juniper Networks Agile Licensing Portal using the credentials you set up in your user account.
  2. On the home page, enter your activation code in the Activate field and click Activate.

    The Product Activation page displays.

  3. For hardware products, enter the device serial number in the Device Serial Number field.

    If the device serial number is not registered, you’ll be routed to the product registration page. Fill in the page to register your device. Only hardware devices need to be registered.

  4. In the Select an Option section, specify if you’re activating the license for yourself or on behalf of an end customer. Only channel partners will see the option for activating on behalf of an end customer.
  5. Enter the relevant email address in the Send License Key via E-mail field to email the license key.
  6. Select the I Agree with Terms & Conditions checkbox.
  7. Click Activate.
  8. Enter a new location or use the default address.
  9. Click Submit.

    The Confirmation page displays to confirm that the subscription is activated.

  10. Click I’m Done to return to the Home page.

    UTM will generate your license keys and send them to the email address you specified.

    If you don’t receive the email message, check out the Troubleshooting section in the Juniper Knowledgebase article KB9861.

Here are a few things to note about activating a subscription:

  • The Entitlements section in the Juniper Agile Licensing portal lists the activation codes that are linked to your Juniper Networks company account and awaiting activation.

  • You use the Juniper Networks Agile Licensing Portal to activate perpetual and subscription software licenses.

  • During the activation process, the Juniper Networks Agile Licensing Portal also registers the products to your company.

Install the Subscription License on an SRX Series Device

Now that you've activated your UTM subscription and have your license keys, you’re ready to install the subscription license on your SRX Series device.

  1. Establish basic network connectivity with the SRX Series device.
  2. Run the set system license keys key name command.

    The name parameter includes the license ID and the license key. For example:

    [edit]
    user@device# set system license keys key “ANTI_SPAM_KEY_SBL” xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx"

    To install multiple license keys, run the set system license keys key name command for each license key to install. For example:

    [edit]
    user@device# set system license keys key "key_1"
    set system license keys key "key_2"
    set system license keys key "key_2"
    set system license keys key "key_4"
  3. Commit the configuration.
    [edit]
    user@device# commit
    commit complete
  4. Verify that the license keys were installed.
    user@device# show system license
    Note

    You can also run the show system license command from operational mode.

For SRX300, SRX320, SRX340, SRX345, and SRX550M devices, reboot the device after you install the license(s). The SRX device reserves additional memory for UTM features. This decreases the session capacity.

For SRX4600, SRX5600 and SRX5800 devices, run the following command to manually reallocate the memory for UTM features:

user@host> set security forwarding-process application-services enable-utm-memory

Reboot the device for the configuration to take effect.

Note

SRX1500, SRX4100 and SRX4200 devices have enough memory for UTM. You don’t need to allocate memory for these devices.

Note

You’ll need to reinstall the license after installing or upgrading to a new Junos OS Release version. Unlicensed features, such as UTM blocklists and allowlists, will continue to function without a license.