Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configure the SRX Series Firewall IMAP Email Policies for Integration with ATP Appliance

IMAP email management has no configuration page in ATP Appliance. Similar to SMTP, actions are defined with CLI commands on the SRX Series Firewall.

With IMAP, a default profile is send to the SRX Series Firewall whereby all attachments are scanned and allowed unless an attachment is found to be malicious.

Shown below is an example policy with email attachments addressed in profile profile2.

In the above example, the email profile (profile2) looks like this:

The firewall policy is similar to before. The AAMW policy is place in trust to untrust zone. See the example below.

Shown below is another example, using the show services advanced-anti-malware policy CLI command. In this example, a verdict score of 8 and above indicates malware.

Optionally you can configure forward and reverse proxy for server and client protection, respectively. For example, if you are using IMAPS, you may want to configure reverse proxy. For more information on configuring reverse proxy, see the SRX Series documentation.

Use the show services advanced-anti-malware statistics CLI command to view statistical information about email management.

As before, use the clear services advanced-anti-malware statistics CLI command to clear the above statistics when you are troubleshooting.

For debugging purposes, you can also set IMAP trace options.

Before configuring the IMAP threat prevention policy, you can do the following:

  • (Optional) Create a File Type Profile in the ATP Appliance UI to indicate which email attachment types to scan. Or, you can use the default profile.

The following steps show the minimum configuration. To configure the threat prevention policy for IMAP using the CLI on the SRX Series Firewall:

  1. Create the ATP Appliance policy.
    • In this example, the policy name is imappolicy1.

    • Associate the policy with the IMAP profile. In this example, it is the default_profile profile.

    • Configure your global threshold. If a verdict comes back equal to or higher than this threshold, then it is considered to be malware. In this example, the global threshold is set to 7.

    • Apply the IMAP protocol and turn on notification.

    • If the attachment has a verdict less than 7, create log entries.

    • When there is an error condition, send the email to the recipient and create a log entry.

  2. Configure the firewall policy to enable the advanced anti-malware application service.
  3. In this example, we will configure the reverse proxy.

    For reverse proxy:

    • Load the CA certificate.

    • Load the server certificates and their keys into the SRX Series Firewall certificate repository.

    • Attach the server certificate identifier to the SSL proxy profile.