Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Anti-Virus Profiles for WAN Edge Devices

Read this topic to understand how to create anti-virus profiles and apply them in application policies on WAN Edge devices.

When you create an anti-virus profile, you're enabling Juniper Mist™ to inspect files for known malicious content. You can create different profiles to define different types of content to scan and different actions to take.

To implement a profile, you assign it to an application policy. By doing so, you integrate inline malware scanning directly into your traffic control rules. With this approach, you gain effective protection against viruses and other malicious content.

This feature requires relevant anti-virus license on the WAN Edge device.

When configuring antivirus profiles for Session Smart Routers, ensure your device is running version 6.3.5 or higher.

Create an Anti-Virus Profile

Before You Begin: Create your application policies. For help, see Application Policies.

To create an anti-virus profile:

  1. From the left menu, select Organization > WAN > Application Policy.
  2. Under Profiles, click the Anti-Virus tab. The page displays anti-virus profiles defined (if available).
  3. Click Add Anti-Virus Profile and enter the following details:
    • Name
    • Max. File Size—Enter the content size limit in kilobytes (KB). The range is 20 through 40,000 KB. The content size limit check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.
    • Protocols—Select one more more protocols to include in this anti-virus profile.
    • URL White List—Enter a list of trusted websites or URLs to exclude from anti-virus scans.
    • Mime White List—Enter a list of specific file types, identified by their MIME headers, to exclude from anti-virus scans. Example: image/gif, audio/mp3, video/avi, application/zip, application/pdf, and so on.
  4. In the list of application policies, find the one that you want to apply your anti-virus policy to.
    For help creating an application policy, see Application Policies.
  5. In the IDP column, select an anti-virus policy.
  6. Optionally, also select available profiles:
    • Default—Scans files sent across HTTP, FTP, SMTP, POP3, and IMAP protocols.
    • HTTP(S)-only—Scans files sent across HTTP or HTTPS.
    • No-FTP—Excludes files sent across FTP from anti-virus scanning.
  7. Save the configuration changes.

View WAN Edge Device Status

In the Juniper Mist Portal, select WAN Edges > WAN Edges to view basic device monitoring information.

The Advanced Security section, located below the device ports, shows the status of security services. A green check mark (X) indicates that the service is active on the device.

Figure 1: Advanced Security Status Details Advanced Security Status Details

Below the Advanced Security section, you’ll find Properties pane that contains generalized platform-related information.

Click WAN Edge Events or navigate through Monitor > Insights and select the site and the WAN Edge that you want to view.

Click an event to see a summary on the right side of the page.