UTM Overview
Unified Threat Management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as antivirus, antispam, content filtering, and web filtering. UTM secures the network from viruses, malware, or malicious attachments by scanning the incoming data using Deep Packet Inspection and prevents access to unwanted websites by installing Enhanced Web filtering. For more information, see the following topics:
Unified Threat Management Overview
Unified Threat Management (UTM) is a term used to describe the consolidation of several security features into one device, protecting against multiple threat types. The advantage of UTM is streamlined installation and management of these multiple security capabilities.
The security features provided as part of the UTM solution are:
Antispam Filtering— E-mail spam consists of unwanted e-mail messages, usually sent by commercial, malicious, or fraudulent entities. The antispam feature examines transmitted e-mail messages to identify e-mail spam. When the device detects an e-mail message deemed to be spam, it either drops the message or tags the message header or subject field with a preprogrammed string. The antispam feature uses a constantly updated spam block list (SBL). Sophos updates and maintains the IP-based SBL. The antispam feature is a separately licensed subscription service.
Content Filtering— Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type. Content filtering does not require a separate license.
Web Filtering— Web filtering lets you manage Internet usage by preventing access to inappropriate Web content. There are three types of Web filtering solutions. The integrated Web filtering solution, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL either from user-defined categories or from a category server (Websense provides the CPA Server). The integrated Web filtering feature is a separately licensed subscription service which is supported only on SRX Series devices. The redirect Web filtering solution intercepts HTTP requests and forwards the server URL to an external URL filtering server provided by Websense to determine whether to block or permit the requested Web access. Redirect Web filtering does not require a separate license. With Juniper Local Web Filtering, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL from user-defined categories stored on the device. With Local filtering, there is no additional Juniper license or remote category server required.
Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, on SRX1500 Services Gateways and vSRX instances, UTM policies, profiles, MIME patterns, filename extensions, and protocol-command numbers are increased to 500; custom URL patterns and custom URL categories are increased to 1000.
Starting with Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, SRX4100 and SRX4200 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.
Starting with Junos OS Release 18.2R1, NFX150 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.
Starting with Junos OS Release 18.2R1, the following commands under the
[edit security utm feature-profile]
hierarchy level are deprecated:set web-filtering type
set web-filtering url-blacklist
set web-filtering url-whitelist
set web-filtering http-persist
set web-filtering http-reassemble
set web-filtering traceoptions
set web-filtering juniper-enhanced cache
set web-filtering juniper-enhanced reputation
set web-filtering juniper-enhanced query-type
set anti-virus mime-whitelist
set anti-virus url-whitelist
set anti-virus type
set anti-virus traceoptions
set anti-virus sophos-engine
set anti-spam address-blacklist
set anti-spam address-whitelist
set anti-spam traceoptions
set content-filtering traceoptions
Starting with Junos OS Release 18.4R3, on SRX1500, SRX4100, SRX4200, SRX4600, SRX4800, SRX5400, SRX5600, and SRX5800 devices, UTM policies, profiles, MIME patterns, filename extensions, protocol commands, and custom messages, are increased up to 1500. Custom URL patterns and custom URL categories are increased up to 3000.
This feature requires a license. To understand more about UTM Licensing, see, Understanding UTM Licensing. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets at SRX Series Services Gateways for details, or contact your Juniper Account Team or Juniper Partner.
Antivirus— The Avira antivirus module in the unified threat management (UTM) solution consists of a virus pattern database, an application proxy, a scan manager, and a configurable scan engine. The antivirus module on the SRX Series device scans specific application layer traffic to protect the user from virus attacks and to prevent viruses from spreading.
Understanding UTM Custom Objects
Before you can configure most UTM features, you must first configure the custom objects for the feature in question. Custom objects are global parameters for UTM features. This means that configured custom objects can be applied to all UTM policies where applicable, rather than only to individual policies.
The following UTM features make use of certain custom objects:
Web Filtering (see Example: Configuring Integrated Web Filtering)
Anti-Spam (see Server-Based Antispam Filtering Configuration Overview)
Content Filtering (see Content Filtering Configuration Overview)
Starting in Junos OS
Release 18.2R1, a new dynamic application policy match condition is
added to SRX Series devices, allowing an administrator to more effectively
control the behavior of Layer 7 applications. To accommodate Layer
7 application-based policies in UTM, the [edit security utm default-configuration]
hierarchy level is introduced. If any parameter in a specific UTM
feature profile configuration is not configured, then the corresponding
parameter from the UTM default configuration is applied. Additionally,
during the initial policy lookup phase which occurs prior to a dynamic
application being identified, if there are multiple policies present
in the potential policy list which contains different UTM profiles,
the SRX Series device applies the default UTM profile until a more
explicit match has occurred.