UTM Overview

Unified Threat Management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as antivirus, antispam, content filtering, and web filtering. UTM secures the network from viruses, malware, or malicious attachments by scanning the incoming data using Deep Packet Inspection and prevents access to unwanted websites by installing Enhanced Web filtering. For more information, see the following topics:

Unified Threat Management Overview

Unified Threat Management (UTM) is a term used to describe the consolidation of several security features into one device, protecting against multiple threat types. The advantage of UTM is streamlined installation and management of these multiple security capabilities.

The security features provided as part of the UTM solution are:

  • Antispam Filtering— E-mail spam consists of unwanted e-mail messages, usually sent by commercial, malicious, or fraudulent entities. The antispam feature examines transmitted e-mail messages to identify e-mail spam. When the device detects an e-mail message deemed to be spam, it either drops the message or tags the message header or subject field with a preprogrammed string. The antispam feature uses a constantly updated spam block list (SBL). Sophos updates and maintains the IP-based SBL. The antispam feature is a separately licensed subscription service.

  • Content Filtering— Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type. Content filtering does not require a separate license.

  • Web Filtering— Web filtering lets you manage Internet usage by preventing access to inappropriate Web content. There are three types of Web filtering solutions. With the integrated Web filtering solution, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL, either from user-defined categories or from a category server (Websense provides the CPA Server). The integrated Web filtering feature is a separately licensed subscription service that is supported only on SRX Series devices. The redirect Web filtering solution intercepts HTTP requests and forwards the server URL to an external URL filtering server provided by Websense to determine whether to block or permit the requested Web access. Redirect Web filtering does not require a separate license. With Juniper Local Web Filtering, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL from user-defined categories stored on the device. With Local filtering, no additional Juniper license or remote category server is required.

    Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, on SRX1500 Services Gateways and vSRX instances, UTM policies, profiles, MIME patterns, filename extensions, and protocol-command numbers are increased to 500; custom URL patterns and custom URL categories are increased to 1000.

    Starting with Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, SRX4100 and SRX4200 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.

    Starting with Junos OS Release 18.2R1, NFX150 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories.

    Starting with Junos OS Release 18.2R1, the following commands under the [edit security utm feature-profile] hierarchy level are deprecated:

    • set web-filtering type

    • set web-filtering url-blacklist

    • set web-filtering url-whitelist

    • set web-filtering http-persist

    • set web-filtering http-reassemble

    • set web-filtering traceoptions

    • set web-filtering juniper-enhanced cache

    • set web-filtering juniper-enhanced reputation

    • set web-filtering juniper-enhanced query-type

    • set anti-virus mime-whitelist

    • set anti-virus url-whitelist

    • set anti-virus type

    • set anti-virus traceoptions

    • set anti-virus sophos-engine

    • set anti-spam address-blacklist

    • set anti-spam address-whitelist

    • set anti-spam traceoptions

    • set content-filtering traceoptions

    Starting with Junos OS Release 18.4R3, on SRX1500, SRX4100, SRX4200, SRX4600, SRX4800, SRX5400, SRX5600, and SRX5800 devices, UTM policies, profiles, MIME patterns, filename extensions, protocol commands, and custom messages are increased up to 1500. Custom URL patterns and custom URL categories are increased up to 3000.

    This feature requires a license. To understand more about UTM licensing, see Understanding UTM Licensing. Refer to the Juniper Licensing Guide for general information about license management. Refer to the product data sheets at SRX Series Services Gateways for details, or contact your Juniper Account Team or Juniper Partner.

  • Antivirus— The Avira antivirus module in the unified threat management (UTM) solution consists of a virus pattern database, an application proxy, a scan manager, and a configurable scan engine. The antivirus module on the SRX Series device scans specific application layer traffic to protect the user from virus attacks and to prevent viruses from spreading.
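The following is an added example, not Juniper code: it audits a configuration exported in `set` form for the statements listed above as deprecated under [edit security utm feature-profile] starting with Junos OS Release 18.2R1. The sample configuration, profile names, and policy name are constructed for illustration.

```python
# Statements this page lists as deprecated under
# [edit security utm feature-profile] starting with Junos OS Release 18.2R1.
DEPRECATED = {
    "web-filtering": ["type", "url-blacklist", "url-whitelist", "http-persist",
                      "http-reassemble", "traceoptions", "juniper-enhanced cache",
                      "juniper-enhanced reputation", "juniper-enhanced query-type"],
    "anti-virus": ["mime-whitelist", "url-whitelist", "type", "traceoptions",
                   "sophos-engine"],
    "anti-spam": ["address-blacklist", "address-whitelist", "traceoptions"],
    "content-filtering": ["traceoptions"],
}
PREFIX = ["set", "security", "utm", "feature-profile"]

def find_deprecated(config_text):
    """Return (line_no, deprecated_statement, line) for each deprecated hit."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()  # whole-token matching, whitespace-insensitive
        if tokens[:len(PREFIX)] != PREFIX or len(tokens) <= len(PREFIX):
            continue  # not a feature-profile statement
        feature, rest = tokens[len(PREFIX)], tokens[len(PREFIX) + 1:]
        for stmt in DEPRECATED.get(feature, []):
            want = stmt.split()
            # Compare token by token so "juniper-enhanced cache" is flagged
            # while "juniper-enhanced profile ..." is not.
            if rest[:len(want)] == want:
                hits.append((no, f"{feature} {stmt}", " ".join(tokens)))
                break
    return hits

# Constructed sample in set form; names such as wf-prof are hypothetical.
SAMPLE = """\
set security utm feature-profile web-filtering type juniper-enhanced
set security utm feature-profile web-filtering juniper-enhanced cache timeout 1800
set security utm feature-profile web-filtering juniper-enhanced profile wf-prof default log-and-permit
set security utm feature-profile anti-virus sophos-engine profile av-prof fallback-options default permit
set security utm default-configuration web-filtering type juniper-enhanced
set security utm utm-policy p1 web-filtering http-profile wf-prof
"""

if __name__ == "__main__":
    for no, stmt, line in find_deprecated(SAMPLE):
        print(f"line {no}: deprecated '{stmt}': {line}")
```

Statements under [edit security utm default-configuration] and per-profile statements that are not in the deprecated list are left unflagged.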

Understanding UTM Custom Objects

Before you can configure most UTM features, you must first configure the custom objects for the feature in question. Custom objects are global parameters for UTM features. This means that configured custom objects can be applied to all UTM policies where applicable, rather than only to individual policies.

The following UTM features make use of certain custom objects:

Starting in Junos OS Release 18.2R1, a new dynamic application policy match condition is added to SRX Series devices, allowing an administrator to more effectively control the behavior of Layer 7 applications. To accommodate Layer 7 application-based policies in UTM, the [edit security utm default-configuration] hierarchy level is introduced. If any parameter in a specific UTM feature profile configuration is not configured, then the corresponding parameter from the UTM default configuration is applied. Additionally, during the initial policy lookup phase which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list which contains different UTM profiles, the SRX Series device applies the default UTM profile until a more explicit match has occurred.

Release History Table
| Release | Description |
| --- | --- |
| 18.4R3 | Starting with Junos OS Release 18.4R3, on SRX1500, SRX4100, SRX4200, SRX4600, SRX4800, SRX5400, SRX5600, and SRX5800 devices, UTM policies, profiles, MIME patterns, filename extensions, protocol commands, and custom messages are increased up to 1500. Custom URL patterns and custom URL categories are increased up to 3000. |
| 18.2R1 | Starting with Junos OS Release 18.2R1, NFX150 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories. |
| 18.2R1 | Starting with Junos OS Release 18.2R1, the following commands under the [edit security utm feature-profile] hierarchy level are deprecated: |
| 18.2R1 | Starting in Junos OS Release 18.2R1, a new dynamic application policy match condition is added to SRX Series devices, allowing an administrator to more effectively control the behavior of Layer 7 applications. To accommodate Layer 7 application-based policies in UTM, the [edit security utm default-configuration] hierarchy level is introduced. If any parameter in a specific UTM feature profile configuration is not configured, then the corresponding parameter from the UTM default configuration is applied. Additionally, during the initial policy lookup phase which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list which contains different UTM profiles, the SRX Series device applies the default UTM profile until a more explicit match has occurred. |
| 15.1X49-D70 | Starting with Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, SRX4100 and SRX4200 devices support up to 500 UTM policies, profiles, MIME patterns, filename extensions, and protocol commands, and up to 1000 custom URL patterns and custom URL categories. |
| 15.1X49-D60 | Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, on SRX1500 Services Gateways and vSRX instances, UTM policies, profiles, MIME patterns, filename extensions, and protocol-command numbers are increased to 500; custom URL patterns and custom URL categories are increased to 1000. |