default-configuration
Syntax
utm {
default-configuration {
anti-spam {
address-blacklist;
address-whitelist;
sbl {
custom-tag-string;
(sbl-default-server | no-sbl-default-server);
spam-action (block | tag-header | tag-subject);
}
traceoptions {
flag name;
}
type (anti-spam-none | sbl);
}
anti-virus {
mime-whitelist {
exception;
list;
}
sophos-engine {
fallback-options {
content-size (block | log-and-permit | permit);
default (block | log-and-permit | permit);
engine-not-ready (block | log-and-permit | permit);
out-of-resources (block | log-and-permit | permit);
timeout (block | log-and-permit | permit);
too-many-requests (block | log-and-permit | permit);
}
forwarding-mode {
hold;
inline-tap;
}
notification-options {
fallback-block {
custom-message;
custom-message-subject;
(notify-mail-sender | no-notify-mail-sender);
type (message | protocol-only);
}
fallback-non-block {
custom-message;
custom-message-subject;
(notify-mail-recipient | no-notify-mail-recipient);
}
virus-detection {
custom-message;
custom-message-subject;
(notify-mail-sender | no-notify-mail-sender);
type (message | protocol-only);
}
}
pattern-update {
email-notify {
admin-email;
custom-message;
custom-message-subject;
}
interval;
no-autoupdate;
proxy {
password;
port;
server;
username;
}
routing-instance;
url;
}
scan-options {
content-size-limit;
timeout seconds;
(uri-check | no-uri-check);
}
server {
ip;
routing-instance;
}
sxl-retry;
sxl-timeout seconds;
trickling timeout;
}
traceoptions {
flag name;
}
url-whitelist;
}
content-filtering {
block-command;
block-content-type {
activex;
exe;
http-cookie;
java-applet;
zip;
}
block-extension;
block-mime {
exception;
list;
}
notification-options {
custom-message;
(notify-mail-sender | no-notify-mail-sender);
seclog; /* New event logging global setting */
type (message | protocol-only);
} permit-command;
traceoptions {
flag name;
}
rule-set rule-set-name { /* New provision to add to default rules */
rule rule-name {
}
}
type (content-filtering-none | local);
}
web-filtering {
http-persist;
http-reassemble;
juniper-enhanced {
base-filter;
block-message {
type custom-redirect-url;
url;
}
cache {
size kilobytes;
timeout minutes;
}
category name {
action (block | log-and-permit | permit | quarantine);
custom-message;
}
custom-block-message;
default (block | log-and-permit | permit | quarantine);
fallback-settings {
default (block | log-and-permit);
server-connectivity (block | log-and-permit);
timeout (block | log-and-permit);
too-many-requests (block | log-and-permit);
}
no-safe-search;
quarantine-custom-message;
quarantine-message {
type custom-redirect-url;
url;
}
reputation {
reputation-fairly-safe;
reputation-moderately-safe;
reputation-suspicious;
reputation-very-safe;
}
server {
host;
port;
routing-instance;
}
site-reputation-action {
fairly-safe (block | log-and-permit | permit | quarantine);
harmful (block | log-and-permit | permit | quarantine);
moderately-safe (block | log-and-permit | permit | quarantine);
suspicious (block | log-and-permit | permit | quarantine);
very-safe (block | log-and-permit | permit | quarantine);
}
timeout seconds;
}
juniper-local {
block-message {
type custom-redirect-url;
url;
}
category name {
action (block | log-and-permit | permit | quarantine);
custom-message;
}
custom-block-message;
default (block | log-and-permit | permit);
fallback-settings {
default (block | log-and-permit);
server-connectivity (block | log-and-permit);
timeout (block | log-and-permit);
too-many-requests (block | log-and-permit);
}
quarantine-custom-message;
quarantine-message {
type custom-redirect-url;
url;
}
timeout seconds;
}
traceoptions {
flag name;
}
url-blacklist;
url-whitelist;
websense-redirect {
account;
block-message {
type custom-redirect-url;
url;
}
category name {
action (block | log-and-permit | permit | quarantine);
custom-message;
}
custom-block-message;
fallback-settings {
default (block | log-and-permit);
server-connectivity (block | log-and-permit);
timeout (block | log-and-permit);
too-many-requests (block | log-and-permit);
}
quarantine-custom-message;
quarantine-message {
type custom-redirect-url;
url;
}
server {
host;
port;
routing-instance;
}
sockets;
timeout seconds;
}
}
}
application-proxy;
custom-objects;
feature-profile;
traceoptions;
utm-policy junos-default-utm-policy;
}
}
Hierarchy Level
[edit security utm]
Description
The UTM default configuration is used in two scenarios.
UTM default configuration for unified policies—For security policies that enable UTM with no custom UTM policy defined, the default UTM policy will be used.
UTM default configuration for existing UTM policies—For existing security policies that have a UTM policy enabled, the default UTM policy will NOT be used.
Options
default-configuration |
Global default UTM configurations. |
anti-spam |
Configure the default UTM configuration for antispam feature profile. |
anti-virus |
Configure the default UTM configuration for antivirus feature profile. |
content-filtering |
Configure the default UTM configuration for content filtering feature profile. |
web-filtering |
Configure the default UTM configuration for Web filtering feature profile. |
utm-policy |
Configure a UTM policy for antivirus, antispam, content filtering, traffic options, and Web filtering protocols and attach this policy to a security profile to implement it. |
traceoptions |
Define tracing operations for UTM features. |
feature-profile |
Configure UTM features, antivirus, antispam, content filtering, and Web filtering by creating feature profiles. |
application-proxy |
Application proxy settings. |
custom-objects |
Configure custom objects before configuring UTM feature-profile features. Custom category does not take precedence over predefined categories when it has the same name as one of the predefined categories. It is not recommended to have a custom category name be the same as the predefined category name. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Starting in Junos OS Release 21.4R1, the rule-set and rules configurations introduced
under the [edit security utm utm-policy <utm-policy-name>
content-filtering] hierarchy level can be used from [edit
security utm default-configuration content-filtering hierarchy.
Content filtering options based on mime-type, content-type, and protocol command is
not supported. After you upgrade to Junos OS Release 21.4R1, previously existing
file extension based content filtering options under the [edit security utm
utm-policy <utm-policy-name> content-filtering] hierarchy are no
more available for configuration.
Junos OS Release 21.4R1 allows you to use legacy functionality if you don’t want to migrate to this modern functionality. You will be allowed to use the legacy configurations but all the legacy configuration knobs are deprecated and are hidden. Also, you will receive system logs and error message warnings when you use all the legacy deprecated knobs.
Statement introduced in Junos OS Release 18.2R1.