content-filtering (Security UTM Policy)
Syntax
content-filtering {
    ftp {
        download-profile profile-name;
        upload-profile profile-name;
    }
    http-profile profile-name;
    imap-profile profile-name;
    pop3-profile profile-name;
    smtp-profile profile-name;
    rule-set rule-set-name {
        rule rule-name {
            match {
                application any; /* http, pop3, imap, smtp, ftp */
                direction any; /* upload or download */
                file-type exe; /* predetected file types */
            }
            then {
                action {
                    no-action; /* No action */
                    /* block Block and drop connection */
                    /* close-client Close client */
                    /* close-server Close server */
                    /* close-client-and-server Close client and server */
                }
                notification {
                    log; /* event logging */
                    endpoint { /* endpoint notification options */
                        type protocol-only;
                        notify-mail-sender;
                        custom-message "CF Blocks content";
                    }
                }
            }
        }
    }
}
Hierarchy Level
[edit security utm default-configuration]
[edit security utm utm-policy policy-name]
[edit logical-systems logical-systems-name security utm utm-policy policy-name]
[edit tenants tenant-name security utm utm-policy policy-name]
Description
Configure a UTM policy for the content filtering protocols and attach this policy to a security profile to implement it. Each supported protocol may implement the available content filters differently, and not all filtering capabilities are supported for each protocol. The HTTP protocol supports all content filtering features. The FTP protocol supports only Block Extension List and Protocol Command Block List. Support for the e-mail protocols (SMTP, IMAP, POP3) is limited to Block Extension List, Protocol Command Block List, and MIME Pattern Filtering.
Options
The statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Starting in Junos OS Release 21.4R1, content filtering is performed by detecting the file content and not the file extensions. We have introduced the rule-set and rules configurations under the [edit security utm utm-policy <utm-policy-name> content-filtering] hierarchy level. These rules and rule-sets allow you to configure direction-specific content filters and connection reset.
As a result, content filtering options based on mime-type, content-type, and protocol command are not supported. After you upgrade to Junos OS Release 21.4R1, the previously existing file-extension-based content filtering options under the [edit security utm utm-policy <utm-policy-name> content-filtering] hierarchy are no longer available for configuration.
Junos OS Release 21.4R1 allows you to use the legacy functionality if you don’t want to migrate to the new functionality. You can still use the legacy configurations, but all the legacy configuration knobs are deprecated and hidden. You will also receive system logs and error message warnings when you use the deprecated legacy knobs.
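A rule-set written in the syntax shown above can be reviewed offline for rules that match but do not block (no-action) and for rules that leave out the log notification. The script below is an added example, not Juniper code; the rule-set and rule names are hypothetical, and it assumes the configuration text uses exactly the brace syntax from this page.

```python
import re

# Constructed sample in this page's syntax; rule-set and rule names are hypothetical.
SAMPLE = """content-filtering {
    rule-set cf-rs-example {
        rule monitor-exe {
            match { application any; direction any; file-type exe; }
            then { action { no-action; } notification { log; } }
        }
        rule block-exe-download {
            match { application http; direction download; file-type exe; }
            then { action { close-client-and-server; } }
        }
    }
}"""

def parse(text):
    """Parse brace-delimited configuration text into nested dicts."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # strip /* ... */ comments
    stack, words = [{}], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text):
        if tok == "{":    # "rule-set name {" opens a nested block
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":  # "log;" or "direction any;" is a leaf statement
            stack[-1][" ".join(words)] = True
            words = []
        else:
            words.append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return stack[0]

def audit(text):
    """Return (rule-set, rule, finding) tuples for non-blocking or unlogged rules."""
    findings = []
    cf = parse(text).get("content-filtering", {})
    sets = {k[9:]: v for k, v in cf.items() if k.startswith("rule-set ") and isinstance(v, dict)}
    for rs_name, rs in sets.items():
        for key, rule in rs.items():
            if key.startswith("rule ") and isinstance(rule, dict):
                then = rule.get("then", {})
                if "no-action" in then.get("action", {}):
                    findings.append((rs_name, key[5:], "no-action: matching files are not blocked"))
                if "log" not in then.get("notification", {}):
                    findings.append((rs_name, key[5:], "no log notification"))
    return findings
```

Calling `audit(SAMPLE)` reports `monitor-exe` as non-blocking and `block-exe-download` as unlogged.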
Statement introduced in Junos OS Release 9.5.
The [edit security utm default-configuration] hierarchy level is introduced in Junos OS Release 18.2R1.
Support for configuration in logical systems introduced in Junos OS Release 18.3R1.
Support for configuration in tenant systems introduced in Junos OS Release 19.2R1.