Create a Flow-Based Antivirus Profile
Create a flow-based antivirus profile to scan packets in real time without buffering the packets.
- Select SRX > Security Subscriptions > Flow-Based Antivirus.
  The Flow-Based Antivirus Profiles page is displayed.
- Click +.
  The Create Flow-Based Antivirus Profile page is displayed.
- Complete the configuration according to the guidelines provided in Table 1.
Table 1: Fields on the Flow-Based Antivirus Profiles Page

| Field | Description |
| --- | --- |
| Name | Enter a name containing a maximum of 63 alphanumeric characters without spaces. The name can contain special characters, such as hyphens (-) and underscores (_). |
| Description | Enter a description for the flow-based antivirus profile containing a maximum of 255 characters. |
| Verdict threshold | Enter a threshold value between 1 and 10. A higher value indicates that the file has a higher risk of containing a virus. The threshold value determines when a file is considered malware. If the cloud service returns a file verdict equal to or higher than the configured threshold, then that file is considered a virus. |
| Action | Select the action to take when an infected file is detected. |
| Log files | Enable logging for all files that meet the following verdict threshold criteria: Threat level lesser than verdict threshold; Threat level equals verdict threshold. |
| Notification Options | |
| Notification | Select one of the following methods to notify users about the virus. File: Select a file to upload. Message: Enter a message to display as a customized notification. Redirect: Enter an HTTP URL redirection for a customized notification. |
| File name | Enter the filename and path where the customized file is located on the device. The files must be in the .php, .html, or .py format. |
| Message | Enter a message containing a maximum of 1023 characters for a customized notification when a virus is detected. |
| Redirect URL | Enter an HTTP URL redirection for a customized notification when a virus is detected. |
| Fallback Options | |
| Fallback action | Select the action for the file regardless of its threat level. |
| Log | Enable this option to log the event. |
| Invalid content size | Select the action for the file if the content size exceeds 32 MB. |
| Log | Enable this option to log the event. |
| Out of resources | Select the action for the file if the service is out of resources. |
| Log | Enable this option to log the event. |
| Service not ready | Select the action for the file if the service is not ready. |
| Log | Enable this option to log the event. |
- Click OK to save the changes.
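As an added example (not Juniper code), the following Python pre-flight check applies the Table 1 limits to a profile definition before it is entered in the UI, and implements the verdict rule from the Verdict threshold row. The dictionary keys and sample values are hypothetical; restricting special characters in the name to hyphens and underscores, and accepting https as well as http for the redirect, are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: only '-' and '_' are accepted as special characters in the name.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")
NOTIFY_EXTS = (".php", ".html", ".py")  # file formats listed in Table 1


def validate_profile(p):
    """Return a list of Table 1 violations for a profile dict (hypothetical keys)."""
    errors = []
    if not NAME_RE.fullmatch(p.get("name", "")):
        errors.append("name: 1-63 alphanumeric, '-' or '_' characters, no spaces")
    if len(p.get("description", "")) > 255:
        errors.append("description: maximum 255 characters")
    t = p.get("verdict_threshold")
    if isinstance(t, bool) or not isinstance(t, int) or not 1 <= t <= 10:
        errors.append("verdict_threshold: integer between 1 and 10")
    kind, value = p.get("notification", (None, ""))
    if kind == "file" and not value.lower().endswith(NOTIFY_EXTS):
        errors.append("notification file: must be .php, .html, or .py")
    elif kind == "message" and len(value) > 1023:
        errors.append("notification message: maximum 1023 characters")
    elif kind == "redirect":
        u = urlparse(value)
        # Assumption: https is accepted in addition to http.
        if u.scheme not in ("http", "https") or not u.netloc:
            errors.append("notification redirect: must be an HTTP URL")
    return errors


def is_virus(verdict, threshold):
    """Table 1 rule: a verdict equal to or higher than the threshold is a virus."""
    return verdict >= threshold


# Constructed sample profiles, not taken from a real device.
GOOD = {"name": "fbav-branch_01", "description": "Branch office AV",
        "verdict_threshold": 7, "notification": ("message", "File blocked: virus detected")}
BAD = {"name": "fbav branch", "description": "x" * 256,
       "verdict_threshold": 11, "notification": ("file", "/var/tmp/notice.txt")}

if __name__ == "__main__":
    for prof in (GOOD, BAD):
        print(prof["name"], "->", validate_profile(prof) or "OK")
    # Verdicts that a threshold of 7 classifies as a virus.
    print([v for v in range(1, 11) if is_virus(v, GOOD["verdict_threshold"])])
```

With a threshold of 7, verdicts 7 through 10 are treated as a virus and verdicts 1 through 6 are not.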
See the following topics for information about the flow-based antivirus profile's CLI-based configuration on the SRX Series Firewall: