Configure Encrypted Traffic Insights
To enable encrypted traffic insights on SRX Series Firewalls, include the following CLI configurations:
- Configure the advanced-anti-malware (AAMW) policy.
set services advanced-anti-malware policy aamw http inspection-profile default_profile
set services advanced-anti-malware policy aamw http file-verdict-unknown permit
set services advanced-anti-malware policy aamw http action permit
set services advanced-anti-malware policy aamw http client-notify message dsdssd
set services advanced-anti-malware policy aamw http notification log
set services advanced-anti-malware policy aamw smtp inspection-profile default_profile
set services advanced-anti-malware policy aamw smtp notification log
set services advanced-anti-malware policy aamw imap inspection-profile default_profile
set services advanced-anti-malware policy aamw imap notification log
set services advanced-anti-malware policy aamw verdict-threshold 5
set services advanced-anti-malware policy aamw inspection-profile default_profile
set services advanced-anti-malware policy aamw fallback-options action permit
set services advanced-anti-malware policy aamw fallback-options notification log
set services advanced-anti-malware policy aamw default-notification log
set services advanced-anti-malware policy aamw whitelist-notification log
set services advanced-anti-malware policy aamw blacklist-notification log
- Configure the SecIntel profile and policy.
set services security-intelligence profile secintel_profile category CC
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 1
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 2
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 3
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 4
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 5
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 6
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 7
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 8
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 9
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 10
set services security-intelligence profile secintel_profile rule secintel_rule then action block drop
set services security-intelligence profile secintel_profile rule secintel_rule then log
set services security-intelligence profile secintel_profile default-rule then action block drop
set services security-intelligence profile secintel_profile default-rule then log
set services security-intelligence profile ih_profile category Infected-Hosts
set services security-intelligence profile ih_profile rule ih_rule match threat-level 1
set services security-intelligence profile ih_profile rule ih_rule match threat-level 2
set services security-intelligence profile ih_profile rule ih_rule match threat-level 3
set services security-intelligence profile ih_profile rule ih_rule match threat-level 4
set services security-intelligence profile ih_profile rule ih_rule match threat-level 5
set services security-intelligence profile ih_profile rule ih_rule match threat-level 6
set services security-intelligence profile ih_profile rule ih_rule match threat-level 7
set services security-intelligence profile ih_profile rule ih_rule match threat-level 8
set services security-intelligence profile ih_profile rule ih_rule match threat-level 9
set services security-intelligence profile ih_profile rule ih_rule match threat-level 10
set services security-intelligence profile ih_profile rule ih_rule then action block drop
set services security-intelligence profile ih_profile rule ih_rule then log
set services security-intelligence policy secintel_policy Infected-Hosts ih_profile
set services security-intelligence policy secintel_policy CC secintel_profile
- Configure the security-metadata-streaming policy.
set services security-metadata-streaming policy sms_policy http action permit
set services security-metadata-streaming policy sms_policy http detections encryptedc2 action permit
set services security-metadata-streaming policy sms_policy http detections encryptedc2 notification log
- Attach the security-metadata-streaming policy to a security firewall policy.
set security forwarding-process enhanced-services-mode
set security policies from-zone trust to-zone untrust policy 1 match source-address any
set security policies from-zone trust to-zone untrust policy 1 match destination-address any
set security policies from-zone trust to-zone untrust policy 1 match application any
set security policies from-zone trust to-zone untrust policy 1 then permit application-services security-intelligence-policy secintel_policy
set security policies from-zone trust to-zone untrust policy 1 then permit application-services advanced-anti-malware-policy aamw
set security policies from-zone trust to-zone untrust application-services security-metadata-streaming-policy sms_policy
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address any
set security policies from-zone untrust to-zone trust policy 1 match application any
set security policies from-zone untrust to-zone trust policy 1 then permit application-services security-intelligence-policy secintel_policy
set security policies from-zone untrust to-zone trust policy 1 then permit application-services advanced-anti-malware-policy aamw
set security policies from-zone untrust to-zone trust application-services security-metadata-streaming-policy sms_policy
Use the show services security-metadata-streaming http statistics command to view the statistics of the security metadata streaming policy.
show services security-metadata-streaming http statistics
user@host> show services security-metadata-streaming http statistics
Security Metadata Streaming session statistics:
  Session inspected: 10
  Session whitelisted: 0
  Session detected: 6
Security Metadata Streaming submission statistics:
  Records submission success: 8
  Records submission failure: 2
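As an added example (not part of the Juniper documentation or the Junos CLI), a small Python parser for the statistics output shown above that turns the counters into operator findings, so a monitoring job can tell "policy not attached" apart from "detections are happening" and from "records are not reaching the submission endpoint". The sample output is constructed from the page, and the failure-ratio threshold and finding messages are assumptions, not Junos defaults.

```python
import re

# Constructed sample, modelled on the page's "show services
# security-metadata-streaming http statistics" output (not a real capture).
SAMPLE_STATS = """\
Security Metadata Streaming session statistics:
  Session inspected: 10
  Session whitelisted: 0
  Session detected: 6
Security Metadata Streaming submission statistics:
  Records submission success: 8
  Records submission failure: 2
"""


def parse_sms_statistics(text):
    """Map every 'Counter name: N' line of the command output to an int."""
    counters = {}
    for line in text.splitlines():
        # Section headers end with ':' and no number, so they are skipped.
        m = re.match(r"\s*([A-Za-z ]+?):\s*(\d+)\s*$", line)
        if m:
            counters[m.group(1).strip()] = int(m.group(2))
    return counters


def sms_health(counters, max_failure_ratio=0.1):
    """Return operator-facing findings derived from the parsed counters.

    max_failure_ratio is an assumed local threshold, not a Junos default.
    """
    inspected = counters.get("Session inspected", 0)
    detected = counters.get("Session detected", 0)
    ok = counters.get("Records submission success", 0)
    fail = counters.get("Records submission failure", 0)
    submitted = ok + fail
    findings = []
    if inspected == 0:
        # Nothing reached the streaming engine: the policy is probably not
        # attached to the security policy, or no matching traffic has flowed.
        findings.append("no sessions inspected; check the policy attachment")
    if detected:
        findings.append(f"{detected} of {inspected} inspected sessions were flagged")
    if submitted and fail / submitted > max_failure_ratio:
        findings.append(f"submission failure ratio {fail / submitted:.0%} "
                        f"exceeds {max_failure_ratio:.0%}")
    return findings


if __name__ == "__main__":
    for finding in sms_health(parse_sms_statistics(SAMPLE_STATS)):
        print(finding)
```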
To view the list of servers that are allowlisted for encrypted traffic insights, use the show services security-metadata-streaming http whitelist command.
show services security-metadata-streaming http whitelist
user@host> show services security-metadata-streaming http whitelist
No.  IP-start   IP-end     Feed                  Address
1    192.0.5.0  192.0.5.1  eta_custom_whitelist  ID-80001400