UTM for Logical Systems

Unified threat management (UTM) provides multiple security features and services for SRX Series devices on the network, protecting users from security threats in a simplified way. UTM secures the logical systems from viruses, malware, and malicious attachments by scanning incoming data with deep packet inspection, and it prevents access to unwanted websites through Enhanced Web Filtering (EWF).

Understanding UTM Features in Logical Systems

Unified Threat Management (UTM) in logical systems provides several security features such as antispam, antivirus, content filtering, and Web filtering to secure users from multiple Internet-borne threats. The advantage of UTM is streamlined installation and management of these multiple security capabilities. In logical systems the primary administrator configures the UTM features for the primary logical system. Configuring UTM features for logical systems is similar to configuring UTM features on a device that is not configured for logical systems.

The security features provided as part of the UTM solution are:

  • Antispam Filtering—E-mail spam consists of unwanted e-mail messages, usually sent by commercial, malicious, or fraudulent entities. The antispam feature examines transmitted e-mail messages to identify e-mail spam. The default antispam feature is configured at the primary logical system and it is applicable for all the user logical systems.

  • Content Filtering—Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type. The default content filtering feature is configured at the primary logical system and it is applicable for all the user logical systems.

  • Web Filtering—Web filtering lets you manage Internet usage by preventing access to inappropriate Web content. The default Web filtering feature is configured at the primary logical system, and the user logical systems inherit this default Web filtering configuration.

  • Sophos Antivirus—Sophos Antivirus scanning is offered as a less CPU-intensive alternative to the full file-based antivirus feature. Sophos Antivirus is an in-the-cloud antivirus solution. The default antivirus feature is configured at the primary logical system, and the user logical systems inherit this default antivirus configuration.

You must configure the custom objects for the Web filtering, anti-spam, and content filtering features before configuring the UTM features. You can configure custom objects for each user logical system.

The predefined UTM default policy parameters for Web filtering, content filtering, antivirus, and antispam profiles are configured at the primary logical system. The user logical systems inherit the same antivirus and Web filtering features configured for the primary logical system. The options such as mime-whitelist and url-whitelist in antivirus profile, and address-blacklist and address-whitelist in antispam profile can be configured at the following hierarchy levels, respectively:

  • [edit security utm feature-profile anti-virus sophos-engine profile]

  • [edit security utm feature-profile anti-spam sbl profile]

The options url-whitelist and url-blacklist are not supported in the Web filtering profile; use the custom category option to achieve the same function.

Example: Configuring UTM for the Primary Logical System

This example shows how to configure the UTM features antivirus, antispam, content filtering, and Web filtering in the primary logical system. The primary administrator is responsible for assigning the UTM features to the user logical systems.

Requirements

This example uses the following hardware and software components:

  • SRX Series device configured with the logical systems.

  • Junos OS Release 18.3R1 and later releases.

Before you begin:

Overview

By default, all system resources are assigned to the primary logical system, and the primary administrator allocates them to the user logical systems. The primary administrator manages the device and the logical systems.

This example shows how to configure the UTM features described in Table 1 for the primary logical system.

Table 1: UTM Configuration Type, Steps, and Parameters

| Configuration Type | Configuration Description | Configuration Parameter |
| --- | --- | --- |
| Custom objects | Configure the MIME (Multipurpose Internet Mail Extension) type list (my_blockmime01) that decides which traffic is allowed to bypass various types of scanning. | [ multipart/ application/ ] |
| Custom objects | Define a set of file extensions (my_fileextlist01) that are used in file extension scan mode (scan-by-extension). | [ txt pl com zip ] |
| Custom objects | Configure a URL pattern list (black_list) of URLs or addresses that you want to block. | www.example.com |
| Custom objects | Configure a custom URL category (cust_black) of URLs or addresses that you want to block. | black_list |
| Antispam | Configure the antispam type server-based spam block list (SBL). | sbl |
| Antivirus | Configure the antivirus type Sophos Antivirus (sophos-engine) profile (mysav) scan option to scan specific types of traffic. | uri-check |
| Web filtering | Specify an action for the Enhanced Web Filtering (EWF) (juniper-enhanced) profile (myewf) for requests that experience internal errors in the Web filtering module. | log-and-permit |

In this procedure, you define custom objects, configure feature profiles for UTM features (antispam, antivirus, content filtering, and Web filtering), configure a UTM policy and attach feature profiles, and apply the UTM policy to the security policy as an application service. For more information, see the Unified Threat Management User Guide.

Configuration

CLI Quick Configuration

To quickly configure this example, log in to the primary logical system as the primary administrator, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Procedure

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

  1. Log in to the primary logical system as the primary administrator and enter configuration mode.

  2. Configure the custom objects for the primary logical system.

  3. Define the UTM default configuration for the primary logical system.

  4. Configure the feature profile for the primary logical system.

  5. Configure the UTM policy for the primary logical system.

  6. Configure the security policies for the primary logical system.

Results

From configuration mode, confirm your configuration by entering the show security command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying Antivirus Configuration

Purpose

Verify that the antivirus feature is configured for the primary logical system.

Action

From operational mode, enter the show security utm anti-virus statistics command to view the details of the antivirus feature configured for the primary logical system.

Meaning

The output displays the antivirus statistics for the primary logical system.

Verifying Antispam Configuration

Purpose

Verify that the antispam feature is configured for the primary logical system.

Action

From operational mode, enter the show security utm anti-spam statistics command to view the details of the antispam feature configured for the primary logical system.

Meaning

The output displays the antispam statistics for the primary logical system.

Verifying Content Filtering Configuration

Purpose

Verify that the content filtering feature is configured for the primary logical system.

Action

From operational mode, enter the show security utm content-filtering statistics command to view the details of the content filtering feature configured for the primary logical system.

Meaning

The output displays the content filtering statistics for the primary logical system.

Verifying Web Filtering Configuration

Purpose

Verify that the Web filtering feature is configured for the primary logical system.

Action

From operational mode, enter the show security utm web-filtering statistics command to view the details of the Web filtering feature configured for the primary logical system.

Meaning

The output displays the Web filtering statistics for the primary logical system.

Example: Configuring UTM for a User Logical System

This example shows how to configure the UTM features antivirus, antispam, content filtering, and Web filtering for a user logical system. The primary administrator creates a user logical system and assigns an administrator for managing the user logical system. A user logical system can have multiple user logical system administrators.

Requirements

This example uses the following hardware and software components:

  • SRX Series device configured with the logical systems.

  • Junos OS Release 18.3R1 and later releases.

Before you begin:

Overview

The primary administrator assigns the UTM features antivirus, antispam, content filtering, and Web filtering to the user logical system. The user logical system administrator can configure and manage the UTM features for the user logical systems. The antispam, antivirus, and Web filtering features that are configured in the primary logical system are described in Table 2. All the user logical systems can use the same antispam, antivirus, and Web filtering features with the same profile.

Table 2: UTM Configuration Type, Steps, and Parameters

| Configuration Type | Configuration Description | Configuration Parameter |
| --- | --- | --- |
| Custom objects | Configure a URL pattern list (url1) of URL patterns that bypass scanning. | www.abc.com |
| Custom objects | Configure a custom URL category (cust1) of URLs or addresses that bypass scanning. | url1 |
| Custom objects | Configure a custom message type (redirect-url) to redirect traffic destined for protected sources. | http://www.example1.com.cn |
| Antispam | Configure the antispam profile (as1) spam action. | block |
| Antivirus | Configure the antivirus profile (sav1) fallback option. | log-and-permit |
| Antivirus | Configure the antivirus profile (sav1) scan option. | uri-check |
| Web filtering | Configure the Web filtering profile (ewf1) category (cust1) action. | block |
| Web filtering | Configure the Web filtering profile (ewf1) category (cust1) custom message. | custmsg1 |
| Web filtering | Configure the Web filtering profile (ewf1) category (Enhanced_Search_Engines_and_Portals) action. | block |
| Web filtering | Specify an action for the Enhanced Web Filtering (EWF) (juniper-enhanced) profile (ewf1) for requests that experience internal errors in the Web filtering module. | log-and-permit |

Configuration

CLI Quick Configuration

To quickly configure this example, log in to the ls-product-design user logical system as the administrator, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Procedure

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

  1. Log in to the ls-product-design user logical system as the administrator and enter configuration mode.

  2. Configure the custom objects for the ls-product-design user logical system.

  3. Configure the feature profiles for the ls-product-design user logical system.

  4. Configure the UTM policy for the ls-product-design user logical system.

  5. Configure the security policies for the ls-product-design user logical system.
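The set commands behind steps 2 to 6 of the primary logical system procedure and steps 2 to 5 of this user logical system procedure, as an added example that is not the page's own quick configuration. Custom-object, profile, and parameter names come from Table 1 and Table 2; the antispam profile myas, the content filtering profile mycf, the UTM policy names myutm and utm1, the security policy utm-p1, and the zones trust and untrust are assumed, and the lines beginning with ## are explanatory notes rather than CLI input.

```junos
## Primary logical system, logged in as the primary administrator (Table 1).
## Step 2: custom objects (per logical system).
set security utm custom-objects mime-pattern my_blockmime01 value [ multipart/ application/ ]
set security utm custom-objects filename-extension my_fileextlist01 value [ txt pl com zip ]
set security utm custom-objects url-pattern black_list value www.example.com
set security utm custom-objects custom-url-category cust_black value black_list
## Step 3: UTM default configuration (primary only; user logical systems inherit it).
set security utm default-configuration anti-virus type sophos-engine
set security utm default-configuration web-filtering type juniper-enhanced
## Step 4: feature profiles (myas and mycf are assumed names; mysav and myewf are from Table 1).
set security utm feature-profile anti-spam sbl profile myas sbl-default-server
set security utm feature-profile anti-spam sbl profile myas spam-action block
set security utm feature-profile anti-virus sophos-engine profile mysav scan-options uri-check
set security utm feature-profile anti-virus sophos-engine profile mysav fallback-options default log-and-permit
set security utm feature-profile content-filtering profile mycf block-mime list my_blockmime01
set security utm feature-profile content-filtering profile mycf block-extension my_fileextlist01
set security utm feature-profile web-filtering juniper-enhanced profile myewf category cust_black action block
set security utm feature-profile web-filtering juniper-enhanced profile myewf fallback-settings default log-and-permit
## Step 5: UTM policy (name assumed) attaching the profiles per protocol.
set security utm utm-policy myutm anti-spam smtp-profile myas
set security utm utm-policy myutm anti-virus http-profile mysav
set security utm utm-policy myutm content-filtering http-profile mycf
set security utm utm-policy myutm web-filtering http-profile myewf
## Step 6: security policy applying the UTM policy as an application service (zones assumed).
set security policies from-zone trust to-zone untrust policy utm-p1 match source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy utm-p1 then permit application-services utm-policy myutm

## User logical system ls-product-design, logged in as its administrator (Table 2).
## Step 2: custom objects, including the redirect custom message.
set security utm custom-objects url-pattern url1 value www.abc.com
set security utm custom-objects custom-url-category cust1 value url1
set security utm custom-objects custom-message custmsg1 type redirect-url content http://www.example1.com.cn
## Step 3: feature profiles (no default-configuration here; it is inherited from the primary).
set security utm feature-profile anti-spam sbl profile as1 spam-action block
set security utm feature-profile anti-virus sophos-engine profile sav1 fallback-options default log-and-permit
set security utm feature-profile anti-virus sophos-engine profile sav1 scan-options uri-check
set security utm feature-profile web-filtering juniper-enhanced profile ewf1 category cust1 action block
set security utm feature-profile web-filtering juniper-enhanced profile ewf1 category cust1 custom-message custmsg1
set security utm feature-profile web-filtering juniper-enhanced profile ewf1 category Enhanced_Search_Engines_and_Portals action block
set security utm feature-profile web-filtering juniper-enhanced profile ewf1 fallback-settings default log-and-permit
## Steps 4 and 5: UTM policy (name assumed) and the security policy that applies it.
set security utm utm-policy utm1 anti-spam smtp-profile as1
set security utm utm-policy utm1 anti-virus http-profile sav1
set security utm utm-policy utm1 web-filtering http-profile ewf1
set security policies from-zone trust to-zone untrust policy utm-p1 match source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy utm-p1 then permit application-services utm-policy utm1
```

After committing in each logical system, the show security utm commands in the Verification sections below report the per-logical-system statistics.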

Results

From configuration mode, confirm your configuration by entering the show security command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying Antivirus Configuration

Purpose

Verify that the antivirus feature is configured for the ls-product-design user logical system.

Action

From operational mode, enter the show security utm anti-virus statistics command to view the antivirus statistics information for the ls-product-design user logical system.

Meaning

The output displays the antivirus statistics information for the ls-product-design user logical system.

Verifying Antispam Configuration

Purpose

Verify that the antispam feature is configured for the ls-product-design user logical system.

Action

From operational mode, enter the show security utm anti-spam statistics command to view the antispam statistics information for the ls-product-design user logical system.

Meaning

The output displays the antispam statistics information for the ls-product-design user logical system.

Verifying Content Filtering Configuration

Purpose

Verify that the content filtering feature is configured for the ls-product-design user logical system.

Action

From operational mode, enter the show security utm content-filtering statistics command to view the content filtering statistics information for the ls-product-design user logical system.

Meaning

The output displays the content filtering statistics information for the ls-product-design user logical system.

Verifying Web Filtering Configuration

Purpose

Verify that the Web filtering feature is configured for the ls-product-design user logical system.

Action

From operational mode, enter the show security utm web-filtering statistics command to view the Web filtering statistics information for the ls-product-design user logical system.

Meaning

The output displays the Web filtering statistics information for the ls-product-design user logical system.