Junos OS
UTM Overview Feature Guide for Security Devices
Release
12.1X46-D10
Published: 2013-11-19
Copyright 2013, Juniper Networks, Inc.
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Junos OS UTM Overview Feature Guide for Security Devices
12.1X46-D10
Copyright 2013, Juniper Networks, Inc.
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (EULA) posted at http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
Table of Contents
About the Documentation
    Documentation and Release Notes
    Supported Platforms
    Using the Examples in This Manual
        Merging a Full Example
        Merging a Snippet
    Documentation Conventions
    Documentation Feedback
    Requesting Technical Support
        Self-Help Online Tools and Resources
        Opening a Case with JTAC
Part 1 Overview
Chapter 1 UTM Basics
    Unified Threat Management Overview
    Understanding UTM Custom Objects
Chapter 2 UTM Licensing
    Understanding UTM Licensing
Chapter 3 WELF Logging
    Understanding WELF Logging for UTM Features
Chapter 4 Chassis Cluster
    Understanding UTM Support for Active/Active Chassis Cluster
    Understanding Chassis Cluster support for UTM Modules
Part 2 Configuration
Chapter 5 UTM Licensing
    Updating UTM Licenses (CLI Procedure)
Chapter 6 WELF Logging
    Example: Configuring WELF Logging for UTM Features
Chapter 7 Configuration Statements
    Security Configuration Statement Hierarchy
    [edit security utm] Hierarchy Level
    application-proxy (Security UTM)
    log (Security)
    format (Security Log Stream)
    category (Security Logging)
    content-filtering (Security UTM Policy)
    limit (UTM Policy)
    ipc
    sessions-per-client
    smtp-profile (Security UTM Policy Antispam)
    traffic-options
    traceoptions (Security Application Proxy)
    traceoptions (Security UTM)
    utm-policy (Application Services)
Part 3 Administration
Chapter 8 Operational Commands
    clear security utm session
    request system license update
    show configuration smtp
    show security utm status
    show security log
Part 4 Index
    Index

List of Tables
About the Documentation
    Table 1: Notice Icons
    Table 2: Text and Syntax Conventions
Part 1 Overview
Chapter 2 UTM Licensing
    Table 3: UTM Feature Subscription Service License Requirements
Chapter 4 Chassis Cluster
    Table 4: Web Filtering Mechanisms for Chassis Cluster Support
Part 3 Administration
Chapter 8 Operational Commands
    Table 5: show configuration smtp
    Table 6: show security log Output Fields
About the Documentation
Documentation and Release Notes
Supported Platforms
Using the Examples in This Manual
Documentation Conventions
Documentation Feedback
Requesting Technical Support
Documentation and Release Notes
To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books.
Supported Platforms
For the features described in this document, the following platforms are supported:
J Series
SRX100
SRX110
SRX210
SRX220
SRX240
SRX550
SRX650
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative command. These commands cause the software to merge the incoming configuration into the current candidate configuration. The example does not become active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
    system {
        scripts {
            commit {
                file ex-script.xsl;
            }
        }
    }
    interfaces {
        fxp0 {
            disable;
            unit 0 {
                family inet {
                    address 10.0.0.1/24;
                }
            }
        }
    }
2. Merge the contents of the file into your routing platform configuration by issuing the load merge configuration mode command:
    [edit]
    user@host# load merge /var/tmp/ex-script.conf
    load complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
    commit {
        file ex-script-snippet.xsl;
    }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode command:
    [edit]
    user@host# edit system scripts
    [edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the load merge relative configuration mode command:
    [edit system scripts]
    user@host# load merge relative /var/tmp/ex-script-snippet.conf
    load complete
For more information about the load command, see the CLI User Guide.
Documentation Conventions
Table 1 defines notice icons used in this guide.
Table 1: Notice Icons
    Meaning               Description
    Informational note    Indicates important features or instructions.
    Caution               Indicates a situation that might result in loss of data or hardware damage.
    Warning               Alerts you to the risk of personal injury or death.
    Laser warning         Alerts you to the risk of personal injury from a laser.
Table 2 defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
    user@host> configure
Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
    user@host> show chassis alarms
    No alarms currently active
Convention: Italic text like this
Description: Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles.
Examples:
    A policy term is a named structure that defines match conditions and actions.
    Junos OS CLI User Guide
    RFC 1997, BGP Communities Attribute
Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Example: Configure the machine's domain name:
    [edit]
    root@# set system domain-name domain-name
Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
Examples:
    To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
    The console port is labeled CONSOLE.
Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Example:
    stub ;
Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
    broadcast | multicast
    (string1 | string2 | string3)
Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Example:
    rsvp { # Required for dynamic MPLS only
Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Example:
    community name members [ community-ids ]
Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.
Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.
Example:
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }
GUI Conventions
Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples:
    In the Logical Interfaces box, select All Interfaces.
    To cancel the configuration, click Cancel.
Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Example:
    In the configuration editor hierarchy, select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to [email protected], or fill out the documentation feedback form at https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include the following information with your comments:
Document or topic name
URL or page number
Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
JTAC policies: For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
Product warranties: For product warranty information, visit http://www.juniper.net/support/warranty/.
JTAC hours of operation: The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:
Find CSC offerings: http://www.juniper.net/customers/support/
Search for known bugs: http://www2.juniper.net/kb/
Find product documentation: http://www.juniper.net/techpubs/
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/
Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html.
PART 1
Overview
UTM Basics
UTM Licensing
WELF Logging
Chassis Cluster
CHAPTER 1
UTM Basics
Unified Threat Management Overview
Understanding UTM Custom Objects
Unified Threat Management Overview
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Unified Threat Management (UTM) is a term used to describe the consolidation of several security features into one device, protecting against multiple threat types. The advantage of UTM is streamlined installation and management of these multiple security capabilities.
The security features provided as part of the UTM solution are:
Antispam Filtering: E-mail spam consists of unwanted e-mail messages, usually sent by commercial, malicious, or fraudulent entities. The antispam feature examines transmitted e-mail messages to identify e-mail spam. When the device detects an e-mail message deemed to be spam, it either drops the message or tags the message header or subject field with a preprogrammed string. The antispam feature uses a constantly updated spam block list (SBL). Sophos updates and maintains the IP-based SBL. The antispam feature is a separately licensed subscription service.
Content Filtering: Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, protocol command, and embedded object type. Content filtering does not require a separate license.
Web Filtering: Web filtering lets you manage Internet usage by preventing access to inappropriate Web content. There are three types of Web filtering solutions. In the case of the integrated Web filtering solution, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL either from user-defined categories or from a category server (Websense provides the CPA Server). The integrated Web filtering feature is a separately licensed subscription service. The redirect Web filtering solution intercepts HTTP requests and forwards the server URL to an external URL filtering server provided by Websense to determine whether to block or permit the requested Web access. Redirect Web filtering does not require a separate license. With Juniper Local Web Filtering, the decision-making for blocking or permitting Web access is done on the device after it identifies the category for a URL from user-defined categories stored on the device. With Local filtering, there is no additional Juniper license or remote category server required.
Full File-Based Antivirus: A virus is executable code that infects or attaches itself to other executable code to reproduce itself. Some malicious viruses erase files or lock up systems. Other viruses merely infect files and overwhelm the target host or network with bogus data. The full file-based antivirus feature provides file-based scanning on specific Application Layer traffic, checking for viruses against a virus signature database. It collects the received data packets until it has reconstructed the original application content, such as an e-mail file attachment, and then scans this content. Kaspersky Lab provides the internal scan engine. The full file-based antivirus scanning feature is a separately licensed subscription service.
Express Antivirus: Express antivirus scanning is offered as a less CPU-intensive alternative to the full file-based antivirus feature. The express antivirus feature, like the full antivirus feature, scans specific Application Layer traffic for viruses against a virus signature database. However, unlike full antivirus, express antivirus does not reconstruct the original application content. Rather, it just sends (streams) the received data packets, as is, to the scan engine. With express antivirus, the virus scanning is executed by a hardware pattern matching engine. This improves performance while scanning is occurring, but the level of security provided is lessened. Juniper Networks provides the scan engine. The express antivirus scanning feature is a separately licensed subscription service.
Sophos Antivirus: Sophos antivirus scanning is offered as a less CPU-intensive alternative to the full file-based antivirus feature. Sophos supports the same protocols as full antivirus and functions in much the same manner; however, it has a smaller memory footprint and is compatible with lower end devices that have less memory. Sophos antivirus is an in-the-cloud antivirus solution. The virus pattern and malware database is located on external servers maintained by Sophos (Sophos Extensible List) servers, thus there is no need to download and maintain large pattern databases on the Juniper device. The Sophos antivirus scanner also uses a local internal cache to maintain query responses from the external list server to improve lookup performance.
NOTE: The sessions-per-client limit CLI command, which imposes a session throttle to prevent a malicious user from generating large amounts of traffic simultaneously, supports the antispam, content filtering, and antivirus UTM features. It does not support Web filtering.
Related Documentation
Junos OS UTM Library for Security Devices
Understanding UTM Custom Objects
Understanding UTM Licensing
Updating UTM Licenses (CLI Procedure)
Understanding WELF Logging for UTM Features
Example: Configuring WELF Logging for UTM Features
Understanding UTM Custom Objects
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Before you can configure most UTM features, you must first configure the custom objects for the feature in question. Custom objects are global parameters for UTM features. This means that configured custom objects can be applied to all UTM policies where applicable, rather than only to individual policies.
The following UTM features make use of certain custom objects:
Anti-Virus (see Full Antivirus Pattern Update Configuration Overview)
Web Filtering (see Example: Configuring Integrated Web Filtering)
Anti-Spam (see Server-Based Antispam Filtering Configuration Overview)
Content Filtering (see Content Filtering Configuration Overview)
Related Documentation
Junos OS UTM Library for Security Devices
Unified Threat Management Overview
Understanding UTM Licensing
Updating UTM Licenses (CLI Procedure)
Understanding WELF Logging for UTM Features
Example: Configuring WELF Logging for UTM Features
CHAPTER 2
UTM Licensing
Understanding UTM Licensing
Understanding UTM Licensing
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
The majority of UTM features function as a subscription service requiring a license. You can redeem this license once you have purchased your subscription license SKUs. You redeem your license by entering your authorization code and chassis serial number into the Customer Service LMS interface. Once your entitlement is generated, you can use the CLI from your device to send a license update request to the LMS server. The LMS server then sends your subscription license directly to the device.
NOTE: UTM requires 1 GB of memory. If your J2320, J2350, or J4350 device has only 512 MB of memory, you must upgrade the memory to 1 GB to run UTM.
Table 3: UTM Feature Subscription Service License Requirements
    UTM Feature                  Requires License
    Antispam                     Yes
    Antivirus: full              Yes
    Antivirus: express           Yes
    Content Filtering            No
    Web Filtering: integrated    Yes
    Web Filtering: redirect      No
    Web Filtering: local         No
Related Documentation
Unified Threat Management Overview
Junos OS UTM Library for Security Devices
Understanding UTM Custom Objects
Updating UTM Licenses (CLI Procedure)
Understanding WELF Logging for UTM Features
Example: Configuring WELF Logging for UTM Features
CHAPTER 3
WELF Logging
Understanding WELF Logging for UTM Features
Understanding WELF Logging for UTM Features
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
UTM features support the WELF standard. The WELF Reference defines the WebTrends industry standard log file exchange format. Any system logging to this format is compatible with Firewall Suite 2.0 and later, Firewall Reporting Center 1.0 and later, and Security Reporting Center 2.0 and later.
A WELF log file is composed of records. Each record is a single line in the file. Records are always in chronological order. The earliest record is the first record in the file; the most recent record is the last record in the file. WELF places no restrictions on log filenames or log file rotation policies.
NOTE: Each WELF record is composed of fields. The record identifier field (id=) must be the first field in a record. All other fields can appear in any order.
The following is a sample WELF record:
    id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 proto=http src=192.168.0.23 dst=6.1.0.36 rg=www.webtrends.com/index.html op=GET result=0 rcvd=1426
The fields from the example WELF record include the following required elements (all other fields are optional):
id (Record identifier)
time (Date/time)
fw (Firewall IP address or name)
pri (Priority of the record)
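The record rules above (one record per line, id= first, four required fields, chronological order) can be checked mechanically before a log is handed to a reporting tool. The following is an added example, not code from this guide or from Juniper: it assumes values containing spaces are double-quoted and that time values follow the layout of the sample record, and all function names and the second and third log lines are constructed for illustration.

```python
import re
from datetime import datetime

REQUIRED = ("id", "time", "fw", "pri")   # required fields named in this guide
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"        # assumption: layout of the guide's sample
# name=value, where value is either "double quoted" or a run of non-space text
_FIELD = re.compile(r'([A-Za-z_][\w-]*)=(?:"([^"]*)"|([^\s"]*))')

# The sample record from this guide, as a single line.
SAMPLE = ('id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 '
          'proto=http src=192.168.0.23 dst=6.1.0.36 '
          'rg=www.webtrends.com/index.html op=GET result=0 rcvd=1426')

# Constructed log: record 2 has id= out of place and goes back in time,
# record 3 lacks the required pri= field.
CONSTRUCTED_LOG = [
    SAMPLE,
    'time="2000-2-4 12:00:00" id=firewall fw=192.168.0.238 pri=6',
    'id=firewall time="2000-2-4 12:02:00" fw=192.168.0.238',
]


class WelfError(ValueError):
    """Raised when a line cannot be split into name=value fields."""


def parse_record(line):
    """Return the fields of one record as an ordered list of (name, value)."""
    line = line.strip()
    fields, pos = [], 0
    while pos < len(line):
        match = _FIELD.match(line, pos)
        if match is None:
            raise WelfError(f"unparseable text at column {pos}")
        quoted, bare = match.group(2), match.group(3)
        fields.append((match.group(1), quoted if quoted is not None else bare))
        pos = match.end()
        if pos < len(line) and not line[pos].isspace():
            raise WelfError(f"fields not separated by a space at column {pos}")
        while pos < len(line) and line[pos].isspace():
            pos += 1
    return fields


def validate_record(fields):
    """Check the per-record rules: id= first, all required fields present."""
    if not fields:
        return ["empty record"]
    problems = []
    if fields[0][0] != "id":
        problems.append("id= is not the first field")
    names = {name for name, _ in fields}
    for required in REQUIRED:
        if required not in names:
            problems.append(f"missing required field {required}=")
    return problems


def record_time(fields):
    """Return the record's time as a datetime, or None if absent or malformed."""
    value = dict(fields).get("time")
    if value is None:
        return None
    try:
        return datetime.strptime(value, TIME_FORMAT)
    except ValueError:
        return None


def check_log(lines):
    """Return (line number, problem) pairs for a whole log, including ordering."""
    findings, latest = [], None
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            fields = parse_record(line)
        except WelfError as exc:
            findings.append((lineno, str(exc)))
            continue
        findings.extend((lineno, problem) for problem in validate_record(fields))
        stamp = record_time(fields)
        if stamp is None:
            if "time" in dict(fields):
                findings.append((lineno, "unparseable time value"))
            continue
        if latest is not None and stamp < latest:
            findings.append((lineno, "record is older than the one before it"))
        else:
            latest = stamp
    return findings


if __name__ == "__main__":
    for lineno, problem in check_log(CONSTRUCTED_LOG):
        print(f"line {lineno}: {problem}")
```

A record that fails these checks is worth holding back from automated reporting, since a collector that silently reorders or truncates records undermines any timeline built from the log.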
Related Documentation
Unified Threat Management Overview
Junos OS UTM Library for Security Devices
Understanding UTM Custom Objects
Understanding UTM Licensing
Updating UTM Licenses (CLI Procedure)
Example: Configuring WELF Logging for UTM Features
CHAPTER 4
Chassis Cluster
Understanding UTM Support for Active/Active Chassis Cluster
Understanding Chassis Cluster support for UTM Modules
Understanding UTM Support for Active/Active Chassis Cluster
Supported Platforms SRX100, SRX210, SRX220, SRX240, SRX550, SRX650
A chassis cluster environment supports UTM with:
Packet Forwarding Engine in active/backup chassis cluster configurations with the Packet Forwarding Engine and the Routing Engine being active in the same node (on SRX Series devices).
On SRX100, SRX210, SRX220, SRX240, SRX550, and SRX650 devices, the UTM functionality is supported in both active/active and active/backup chassis cluster configurations where the Packet Forwarding Engine can be active on both the cluster nodes and the Routing Engine and the Packet Forwarding Engine can be active in different nodes.
NOTE: No separate license for UTM in chassis cluster is required. The usual UTM licenses required for UTM features are required. Licenses should be available in both the nodes.
UTM supports stateless Packet Forwarding Engine active/active chassis cluster configurations (that is, no state regarding UTM is synchronized between the cluster nodes). All the UTM sessions anchored on the redundancy group being failed over will be aborted and new sessions are set up with the new primary redundancy group.
Stateful active/active cluster mode is not supported. Stateful objects like UTM sessions will not be synchronized; that is, no UTM module runtime objects (RTOs) are synchronized between the cluster nodes. You need to install UTM licenses in both the nodes independently.
UTM is supported in the following chassis cluster modes:
Active/active mode: In this mode, the redundancy groups can be active on both of the cluster nodes. The transit traffic can be processed by both nodes. Any traffic between nodes transits through the fabric link.
The transit traffic includes:
Traffic forwarded between interfaces for redundancy groups 1 and up across nodes
Traffic forwarded between interfaces for redundancy groups 1 and up that are part of the same node but have one or more redundancy groups active on both of the nodes
Traffic forwarded between RG0-controlled interfaces across devices (traffic from the secondary RG0 is sent to the primary RG0 over the fabric link for routing decisions)
Active/backup mode: In this mode, all the redundancy groups are active in one cluster node. All the transit traffic is processed by this single node.
The transit traffic includes:
Traffic forwarded between interfaces for redundancy groups 1 and up that are part of the same node
Traffic forwarded between RG0-controlled interfaces for redundancy groups 1 and up that are in the same node
UTM is supported for the following chassis cluster failover types:
Manual failover: Supports manual failover through the set chassis cluster failover command. Both RG0 and redundancy groups 1 and up can fail over using this command.
RG0 automatic failover: This failover is supported through control link failure, monitoring objects (IP address, interface monitoring), or preempt/priority configuration.
Redundancy groups 1 and up automatic failover: This failover is supported through monitoring objects (IP address, interface monitoring) or preempt/priority configuration. This failover leads to active link changes and can result in active/active mode.
Failover through reboot: A primary node can be changed to a secondary node by rebooting the node. All redundancy groups in the node that is rebooted will no longer be primary nodes.
Failover through flowd restart: Redundancy groups 1 and up will be changed to secondary nodes when the flowd restarts.
The following UTM features are supported in chassis cluster:
Content filtering
URL (Web) filtering
Antispam filtering
Express antivirus scanning
Full file-based antivirus scanning
Sophos antivirus scanning
All the UTM configurations are either maintained in the Routing Engine or pushed to the Packet Forwarding Engine from the Routing Engine. The configuration synchronization between the two nodes is taken care of by the chassis cluster infrastructure. This holds true for all the UTM modules too. You can configure UTM either from the primary or secondary node, and the same configuration will be reflected in the other node once you commit the first configuration.
There is a dependency on ACL support on control links. The time taken to spawn the processes depends on the device. There will be a small delay for the Unified Threat Management daemon (utmd) to come up operationally, even though the utmd daemon is running in the secondary Routing Engine, because there can be a startup delay for all the dependent daemons.
Related Documentation
Chassis Cluster Overview
Understanding Chassis Cluster Formation
Understanding Chassis Cluster Redundancy Groups
Understanding Chassis Cluster Redundant Ethernet Interfaces
Unified Threat Management Overview on page 3
Understanding Chassis Cluster support for UTM Modules on page 13
Junos OS UTM Library for Security Devices
Understanding Chassis Cluster support for UTM Modules
Supported Platforms SRX100, SRX210, SRX220, SRX240, SRX550, SRX650
Content filtering: Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, and protocol command. The content filter controls file transfers across the gateway by checking traffic against configured filter lists.
In content filtering, the user configuration (mime-pattern/filename-extension/protocol-command/content-type) is pushed from the Routing Engine to the Packet Forwarding Engine real-time (PFE-RT). The filtering decision is entirely based on the user configuration and is done on the Packet Forwarding Engine real-time (PFE-RT) side. For the transit traffic, the configuration lookup (for the block/permit decision) and the entire UTM processing occurs in the Packet Forwarding Engine itself and does not go to the Routing Engine (that is, the complete UTM session resides in the Packet Forwarding Engine).
URL (Web) filtering: Web filtering lookups take place in the primary Routing Engine, and both the Packet Forwarding Engines send the lookup request to the primary Routing Engine.
Four kinds of Web filtering mechanisms supported on SRX100, SRX210, SRX220, SRX240, and SRX650 devices are described in Table 4 on page 14.
Table 4: Web Filtering Mechanisms for Chassis Cluster Support

Web Filtering Type: Redirect Web filtering
Description:
    Decision (allow/deny) is always made by an external Websense server.
    TCP connections are set up from the utmd daemon to the Websense server.
    Any request to the Websense server is sent using one of these TCP connections.

Web Filtering Type: Integrated Web filtering
Description:
    The local URL Filtering cache maintained on the RT side is updated with the URL to category mappings received from the SurfControl content portal authority (SC-CPA) server for URL lookup requests sent to it.
    RT side also maintains a list of categories received from the SC-CPA server.
    You can configure actions for various categories received from the SC-CPA server. This configuration is maintained in RT side.
    You can define your own categories that contain a list of URLs and IP addresses. A predefined profile (ns-profile) can be used too. This configuration is also maintained on the RT side.
    URL lookups are made against the URL Filtering cache and the user-defined categories.
    If the category for the URL is not found in the local URL Filtering cache, categorization requests are sent to the utmd daemon and subsequently forwarded to the external SC-CPA Server for response.

Web Filtering Type: Enhanced Web Filtering
Description:
    Enhanced Web Filtering is similar to integrated Web filtering. It maintains the URL Filtering cache, a list of categories from the server, and a list of user-defined categories. It performs the lookup and categorization similar to integrated Web filtering. It is similar in mechanism but differs in the server functionality to determine URL categories.

Web Filtering Type: Juniper local URL filtering
Description:
    You can configure URL whitelists or blacklists for the URL lookups. This configuration is maintained on the real-time side of the Packet Forwarding Engine.
Antispam filtering: Antispam filtering pushes the user configuration (whitelist and blacklist) from the Routing Engine to the PFE-RT.
Express antivirus scanning: In express antivirus scanning, the antivirus detection functionality is performed by the Pattern Matching Engine (PME) in the Packet Forwarding Engine of the node where the UTM traffic is anchored. The signature database is downloaded by the primary Routing Engine and synchronized to the secondary Routing Engine to be loaded in its local PME. If configured, the primary Routing Engine does the periodic signature database updates and synchronizes them to the secondary Routing Engine.
Full file-based antivirus scanning: In full antivirus scanning, the Kaspersky Lab engine is responsible for scanning all the data it receives. The signature database is downloaded from external Kaspersky Lab servers and used by the scan engine in the Routing Engine. Full AV antivirus scanning is done in the Routing Engine of each node where the UTM traffic is anchored. The signature database files are downloaded by the primary Routing Engine and synchronized to the secondary Routing Engine. If configured, the primary Routing Engine performs the periodic signature database update and synchronizes it to the secondary Routing Engine.
Apart from the signature database lookup, full antivirus scanning uses the following configuration that is maintained in the RT side to determine if full antivirus scanning needs to be performed:
MIME whitelist: A hit bypasses antivirus scanning
MIME exception list: An exception to the whitelist
URL whitelist: A hit bypasses antivirus scanning
Filename extension: Only these extensions are sent for antivirus scanning
The packet processing in full antivirus scanning might occur within RT side based on the result of the user-configured lists. Otherwise, the UTM session spans across RT and RE side if full virus scanning needs to be performed.
Related Documentation
Chassis Cluster Overview
Understanding Chassis Cluster Formation
Understanding Chassis Cluster Redundancy Groups
Understanding Chassis Cluster Redundant Ethernet Interfaces
Unified Threat Management Overview on page 3
Understanding UTM Support for Active/Active Chassis Cluster on page 11
Junos OS UTM Library for Security Devices
PART 2
Configuration
UTM Licensing on page 19
WELF Logging on page 21
Configuration Statements on page 25
CHAPTER 5
UTM Licensing
Updating UTM Licenses (CLI Procedure) on page 19
Updating UTM Licenses (CLI Procedure)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
To apply your UTM subscription license to the device, use the following CLI command:
user@host> request system license update
Related Documentation
Unified Threat Management Overview on page 3
Understanding UTM Custom Objects on page 5
Understanding UTM Licensing on page 7
Understanding WELF Logging for UTM Features on page 9
Example: Configuring WELF Logging for UTM Features on page 21
Junos OS UTM Library for Security Devices
CHAPTER 6
WELF Logging
Example: Configuring WELF Logging for UTM Features on page 21
Example: Configuring WELF Logging for UTM Features
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
This example shows how to configure WELF logging for UTM features.
Requirements on page 21
Overview on page 21
Configuration on page 21
Verification on page 23
Requirements
Before you begin, review the fields used to create a WELF log file and record. See Understanding WELF Logging for UTM Features on page 9.
Overview
A WELF log file is composed of records. Each record is a single line in the file. Records are always in chronological order. The earliest record is the first record in the file; the most recent record is the last record in the file. WELF places no restrictions on log filenames or log file rotation policies. In this example, the severity level is emergency and the name of the security log stream is utm-welf.
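The record layout described above can be checked on the collector side. The following is an added example, not part of the Juniper guide: it parses WELF records (one key=value record per line) and reports records that break the chronological-order rule or carry no timestamp. The sample records are constructed, and the field names (id, time, fw, pri, proto, src, dst, msg) and the timestamp layout are assumptions based on the general WELF format, since this section does not list them.

```python
import re
from datetime import datetime

# A WELF record is a single line of key=value fields; values that contain
# spaces are enclosed in double quotes.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Assumed timestamp layout for the "time" field (not stated in this section).
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample log, not captured from a device. fw=1.2.3.4 mirrors the
# source-address used in the configuration example; pri=0 is "emergency".
SAMPLE_LOG = """\
id=firewall time="2013-11-19 10:00:01" fw=1.2.3.4 pri=0 proto=http src=192.0.2.10 dst=198.51.100.7 msg="virus detected"
id=firewall time="2013-11-19 10:00:05" fw=1.2.3.4 pri=0 proto=smtp src=192.0.2.11 dst=198.51.100.25 msg="blocked extension exe"
id=firewall time="2013-11-19 09:59:58" fw=1.2.3.4 pri=0 proto=http src=192.0.2.12 dst=198.51.100.7 msg="url blocked"
id=firewall fw=1.2.3.4 pri=0 msg="record without a time field"
"""


def parse_welf_record(line):
    """Parse one WELF record (one line) into a dict of field name -> value."""
    fields = {}
    for match in _FIELD.finditer(line.strip()):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def check_welf_log(text):
    """Return (line_number, problem) tuples for records that violate the
    one-record-per-line, chronological-order layout."""
    findings = []
    latest = None  # newest timestamp seen so far
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = parse_welf_record(line)
        if "time" not in fields:
            findings.append((lineno, "missing time field"))
            continue
        try:
            stamp = datetime.strptime(fields["time"], TIME_FORMAT)
        except ValueError:
            findings.append((lineno, "unparsable time field"))
            continue
        if latest is not None and stamp < latest:
            findings.append((lineno, "out of chronological order"))
        else:
            latest = stamp
    return findings


if __name__ == "__main__":
    for lineno, problem in check_welf_log(SAMPLE_LOG):
        print(f"line {lineno}: {problem}")
```

A record that arrives out of order or without a timestamp usually points to a collector, clock, or log-merge problem and is worth investigating before the log is relied on as a timeline.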
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
    set security log source-address 1.2.3.4 stream utm-welf
    set security log source-address 1.2.3.4 stream utm-welf format welf
    set security log source-address 1.2.3.4 stream utm-welf format welf category content-security
    set security log source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency
    set security log source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency host 5.6.7.8
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.
To configure WELF logging for UTM features:
1. Set the security log source IP address.
    [edit security log]
    user@host# set source-address 1.2.3.4
NOTE: You must save the WELF logging messages to a dedicated WebTrends server.
2. Name the security log stream.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf
3. Set the format for the log messages.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf
4. Set the category of log messages that are sent.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf category content-security
5. Set the severity level of log messages that are sent.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency
6. Enter the host address of the dedicated WebTrends server to which the log messages are to be sent.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency host 5.6.7.8
Results
From configuration mode, confirm your configuration by entering the show security log command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
    [edit]
    user@host# show security log
    stream utm-welf {
        severity emergency;
        format welf;
        category content-security;
        host {
            5.6.7.8;
        }
    }
If you are done configuring the device, enter commit from configuration mode.
Verification
To confirm that the configuration is working properly, perform this task:
Verifying the Security Log on page 23
Verifying the Security Log
Purpose Verify that the WELF log for UTM features is complete.
Action From operational mode, enter the show security utm status command to verify if the UTM service is running or not.
Related Documentation
Unified Threat Management Overview on page 3
Understanding UTM Custom Objects on page 5
Understanding UTM Licensing on page 7
Updating UTM Licenses (CLI Procedure) on page 19
Junos OS UTM Library for Security Devices
CHAPTER 7
Configuration Statements
Security Configuration Statement Hierarchy on page 25
[edit security utm] Hierarchy Level on page 26
Security Configuration Statement Hierarchy
Supported Platforms J Series, LN Series, SRX Series
Use the statements in the security configuration hierarchy to configure actions, certificates, dynamic virtual private networks (VPNs), firewall authentication, flow, forwarding options, group VPNs, Intrusion Detection Prevention (IDP), Internet Key Exchange (IKE), Internet Protocol Security (IPsec), logging, Network Address Translation (NAT), public key infrastructure (PKI), policies, resource manager, rules, screens, secure shell known hosts, trace options, user identification, Unified Threat Management (UTM), and zones. Statements that are exclusive to the J Series and SRX Series devices running Junos OS are described in this section.
Each of the following topics lists the statements at a sub-hierarchy of the [edit security]hierarchy.
[edit security address-book] Hierarchy Level
[edit security alarms] Hierarchy Level
[edit security alg] Hierarchy Level
[edit security analysis] Hierarchy Level
[edit security application-firewall] Hierarchy Level
[edit security application-tracking] Hierarchy Level
[edit security certificates] Hierarchy Level
[edit security datapath-debug] Hierarchy Level
[edit security dynamic-vpn] Hierarchy Level
[edit security firewall-authentication] Hierarchy Level
[edit security flow] Hierarchy Level
[edit security forwarding-options] Hierarchy Level
[edit security forwarding-process] Hierarchy Level
[edit security gprs] Hierarchy Level
[edit security group-vpn] Hierarchy Level
[edit security idp] Hierarchy Level
[edit security ike] Hierarchy Level
[edit security ipsec] Hierarchy Level
[edit security log] Hierarchy Level
[edit security nat] Hierarchy Level
[edit security pki] Hierarchy Level
[edit security policies] Hierarchy Level
[edit security resource-manager] Hierarchy Level
[edit security screen] Hierarchy Level
[edit security softwires] Hierarchy Level
[edit security ssh-known-hosts] Hierarchy Level
[edit security traceoptions] Hierarchy Level
[edit security user-identification] Hierarchy Level
[edit security utm] Hierarchy Level on page 26
[edit security zones] Hierarchy Level
Related Documentation
Master Administrator for Logical Systems Feature Guide for Security Devices
CLI User Guide
[edit security utm] Hierarchy Level
Supported Platforms J Series, SRX Series
security {
    utm {
        application-proxy {
            traceoptions {
                flag flag;
            }
        }
        custom-objects {
            custom-url-category object-name {
                value [value];
            }
            filename-extension object-name {
                value [value];
            }
            mime-pattern object-name {
                value [value];
            }
            protocol-command object-name {
                value [value];
            }
            url-pattern object-name {
                value [value];
            }
        }
        feature-profile {
            anti-spam {
                address-blacklist list-name;
                address-whitelist list-name;
                sbl {
                    profile profile-name {
                        custom-tag-string [string];
                        (sbl-default-server | no-sbl-default-server);
                        spam-action (block | tag-header | tag-subject);
                    }
                }
                traceoptions {
                    flag flag;
                }
            }
            anti-virus {
                juniper-express-engine {
                    pattern-update {
                        email-notify {
                            admin-email email-address;
                            custom-message message;
                            custom-message-subject message-subject;
                        }
                        interval value;
                        no-autoupdate;
                        proxy {
                            password password-string;
                            port port-number;
                            server address-or-url;
                            username name;
                        }
                        url url;
                    }
                    profile profile-name {
                        fallback-options {
                            content-size (block | log-and-permit);
                            default (block | log-and-permit);
                            engine-not-ready (block | log-and-permit);
                            out-of-resources (block | log-and-permit);
                            timeout (block | log-and-permit);
                            too-many-requests (block | log-and-permit);
                        }
                        notification-options {
                            fallback-block {
                                administrator-email email-address;
                                allow-email;
                                custom-message message;
                                custom-message-subject message-subject;
                                display-host;
                                (notify-mail-sender | no-notify-mail-sender);
                                type (message | protocol-only);
                            }
                            fallback-non-block {
                                custom-message message;
                                custom-message-subject message-subject;
                                (notify-mail-recipient | no-notify-mail-recipient);
                            }
                            virus-detection {
                                custom-message message;
                                custom-message-subject message-subject;
                                (notify-mail-sender | no-notify-mail-sender);
                                type (message | protocol-only);
                            }
                        }
                        scan-options {
                            content-size-limit value;
                            (intelligent-prescreening | no-intelligent-prescreening);
                            timeout value;
                        }
                        trickling {
                            timeout value;
                        }
                    }
                }
                kaspersky-lab-engine {
                    pattern-update {
                        email-notify {
                            admin-email email-address;
                            custom-message message;
                            custom-message-subject message-subject;
                        }
                        interval value;
                        no-autoupdate;
                        proxy {
                            password password-string;
                            port port-number;
                            server address-or-url;
                            username name;
                        }
                        url url;
                    }
                    profile profile-name {
                        fallback-options {
                            content-size (block | log-and-permit);
                            corrupt-file (block | log-and-permit);
                            decompress-layer (block | log-and-permit);
                            default (block | log-and-permit);
                            engine-not-ready (block | log-and-permit);
                            out-of-resources (block | log-and-permit);
                            password-file (block | log-and-permit);
                            timeout (block | log-and-permit);
                            too-many-requests (block | log-and-permit);
                        }
                        notification-options {
                            fallback-block {
                                administrator-email email-address;
                                allow-email;
                                custom-message message;
                                custom-message-subject message-subject;
                                display-host;
                                (notify-mail-sender | no-notify-mail-sender);
                                type (message | protocol-only);
                            }
                            fallback-non-block {
                                custom-message message;
                                custom-message-subject message-subject;
                                (notify-mail-recipient | no-notify-mail-recipient);
                            }
                            virus-detection {
                                custom-message message;
                                custom-message-subject message-subject;
                                (notify-mail-sender | no-notify-mail-sender);
                                type (message | protocol-only);
                            }
                        }
                        scan-options {
                            content-size-limit value;
                            decompress-layer-limit value;
                            (intelligent-prescreening | no-intelligent-prescreening);
                            scan-extension filename;
                            scan-mode (all | by-extension);
                            timeout value;
                        }
                        trickling {
                            timeout value;
                        }
                    }
                }
                mime-whitelist {
                    exception listname;
                    list listname {
                        exception listname;
                    }
                }
                sophos-engine {
                    pattern-update {
                        email-notify {
                            admin-email email-address;
                            custom-message message;
                            custom-message-subject message-subject;
                        }
                        interval value;
                        no-autoupdate;
                        proxy {
                            password password-string;
                            port port-number;
                            server address-or-url;
                            username name;
                        }
                        url url;
                    }
                    profile {
                        fallback-options {
                            content-size (block | log-and-permit | permit);
                            default (block | log-and-permit | permit);
                            engine-not-ready (block | log-and-permit | permit);
                            out-of-resources (block | log-and-permit | permit);
                            timeout (block | log-and-permit | permit);
                            too-many-requests (block | log-and-permit | permit);
                        }
                        notification-options {
                            fallback-block {
                                administrator-email email-address;
                                allow-email;
                                custom-message message;
                                custom-message-subject message-subject;
                                display-host;
                                (notify-mail-sender | no-notify-mail-sender);
                                type (message | protocol-only);
                            }
                            fallback-non-block {
                                custom-message message;
                                custom-message-subject message-subject;
                                (notify-mail-recipient | no-notify-mail-recipient);
                            }
                            virus-detection {
                                custom-message message;
                                custom-message-subject message-subject;
                                (notify-mail-sender | no-notify-mail-sender);
                                type (message | protocol-only);
                            }
                        }
                        scan-options {
                            content-size-limit value;
                            (no-uri-check | uri-check);
                            timeout value;
                        }
                        trickling {
                            timeout value;
                        }
                    }
                    sxl-retry value;
                    sxl-timeout seconds;
                }
                traceoptions {
                    flag flag;
                }
                type (juniper-express-engine | kaspersky-lab-engine | sophos-engine);
                url-whitelist listname;
            }
            content-filtering {
                profile profile-name {
                    block-command protocol-command-list;
                    block-content-type (activex | exe | http-cookie | java-applet | zip);
                    block-extension extension-list;
                    block-mime {
                        exception list-name;
                        list list-name;
                    }
                    notification-options {
                        custom-message message;
                        (notify-mail-sender | no-notify-mail-sender);
                        type (message | protocol-only);
                    }
                    permit-command protocol-command-list;
                }
                traceoptions {
                    flag flag;
                }
            }
            web-filtering {
                juniper-enhanced {
                    cache {
                        size value;
                        timeout value;
                    }
                    profile profile-name {
                        block-message {
                            type {
                                custom-redirect-url;
                            }
                            url url;
                        }
                        quarantine-message {
                            type {
                                custom-redirect-url;
                            }
                            url url;
                        }
                        category customurl-list name {
                            action (block | log-and-permit | permit | quarantine);
                        }
                        custom-block-message value;
                        custom-quarantine-message value;
                        default (block | log-and-permit | permit | quarantine);
                        fallback-settings {
                            default (block | log-and-permit);
                            server-connectivity (block | log-and-permit);
                            timeout (block | log-and-permit);
                            too-many-requests (block | log-and-permit);
                        }
                        no-safe-search;
                        site-reputation-action {
                            fairly-safe (block | log-and-permit | permit | quarantine);
                            harmful (block | log-and-permit | permit | quarantine);
                            moderately-safe (block | log-and-permit | permit | quarantine);
                            suspicious (block | log-and-permit | permit | quarantine);
                            very-safe (block | log-and-permit | permit | quarantine);
                        }
                        timeout value;
                    }
                    server {
                        host host-name;
                        port number;
                    }
                }
                juniper-local {
                    profile profile-name {
                        custom-block-message value;
                        default (block | log-and-permit | permit);
                        fallback-settings {
                            default (block | log-and-permit);
                            server-connectivity (block | log-and-permit);
                            timeout (block | log-and-permit);
                            too-many-requests (block | log-and-permit);
                        }
                        timeout value;
                    }
                }
                surf-control-integrated {
                    cache {
                        size value;
                        timeout value;
                    }
                    profile profile-name {
                        category customurl-list name {
                            action (block | log-and-permit | permit);
                        }
                        custom-block-message value;
                        default (block | log-and-permit | permit);
                        fallback-settings {
                            default (block | log-and-permit);
                            server-connectivity (block | log-and-permit);
                            timeout (block | log-and-permit);
                            too-many-requests (block | log-and-permit);
                        }
                        timeout value;
                    }
                    server {
                        host host-name;
                        port number;
                    }
                }
                traceoptions {
                    flag flag;
                }
                type (juniper-enhanced | juniper-local | surf-control-integrated | websense-redirect);
                url-blacklist listname;
                url-whitelist listname;
                websense-redirect {
                    profile profile-name {
                        account value;
                        custom-block-message value;
                        fallback-settings {
                            default (block | log-and-permit);
                            server-connectivity (block | log-and-permit);
                            timeout (block | log-and-permit);
                            too-many-requests (block | log-and-permit);
                        }
                        server {
                            host host-name;
                            port number;
                        }
                        sockets value;
                        timeout value;
                    }
                }
            }
        }
        ipc {
            traceoptions flag flag;
        }
        traceoptions {
            flag flag;
        }
        utm-policy policy-name {
            anti-spam {
                smtp-profile profile-name;
            }
            anti-virus {
                ftp {
                    download-profile profile-name;
                    upload-profile profile-name;
                }
                http-profile profile-name;
                imap-profile profile-name;
                pop3-profile profile-name;
                smtp-profile profile-name;
            }
            content-filtering {
                ftp {
                    download-profile profile-name;
                    upload-profile profile-name;
                }
                http-profile profile-name;
                imap-profile profile-name;
                pop3-profile profile-name;
                smtp-profile profile-name;
            }
            traffic-options {
                sessions-per-client {
                    limit value;
                    over-limit (block | log-and-permit);
                }
            }
            web-filtering {
                http-profile profile-name;
            }
        }
    }
}
Related Documentation
Security Configuration Statement Hierarchy on page 25
Junos OS UTM Library for Security Devices
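Several statements in the [edit security utm] hierarchy choose between block and log-and-permit (or permit) for the case where a UTM engine cannot return a verdict. The following added example, which is not Juniper's code, audits a configuration in set format for fallback-options, fallback-settings, and sessions-per-client over-limit statements that let traffic through in those cases. The statement names come from the hierarchy above; the profile and policy names in the sample are constructed.

```python
# Actions that pass traffic when the engine cannot decide (fail open).
FAIL_OPEN_ACTIONS = {"log-and-permit", "permit"}

# Containers from the hierarchy whose children are "<condition> <action>".
FALLBACK_CONTAINERS = {"fallback-options", "fallback-settings"}

# Constructed sample configuration in "set" format (names are hypothetical).
SAMPLE_CONFIG = """\
set security utm feature-profile anti-virus type kaspersky-lab-engine
set security utm feature-profile anti-virus kaspersky-lab-engine profile av-mail fallback-options default block
set security utm feature-profile anti-virus kaspersky-lab-engine profile av-mail fallback-options engine-not-ready log-and-permit
set security utm feature-profile anti-virus kaspersky-lab-engine profile av-mail fallback-options password-file log-and-permit
set security utm feature-profile anti-virus kaspersky-lab-engine profile av-mail fallback-options timeout block
set security utm feature-profile web-filtering juniper-local profile wf-users fallback-settings server-connectivity log-and-permit
set security utm utm-policy edge-policy traffic-options sessions-per-client limit 200
set security utm utm-policy edge-policy traffic-options sessions-per-client over-limit log-and-permit
"""


def find_fail_open(config_text):
    """Return (scope, condition, action) for every fallback or over-limit
    statement under [edit security utm] whose action permits traffic."""
    findings = []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[:3] != ["set", "security", "utm"]:
            continue
        path = tokens[3:]
        for i, token in enumerate(path):
            if token in FALLBACK_CONTAINERS and i + 2 < len(path):
                # e.g. "... fallback-options timeout log-and-permit"
                condition, action = path[i + 1], path[i + 2]
            elif token == "over-limit" and i + 1 < len(path):
                # e.g. "... sessions-per-client over-limit log-and-permit"
                condition, action = token, path[i + 1]
            else:
                continue
            if action in FAIL_OPEN_ACTIONS:
                findings.append((" ".join(path[:i]), condition, action))
            break
    return findings


if __name__ == "__main__":
    for scope, condition, action in find_fail_open(SAMPLE_CONFIG):
        print(f"[edit security utm {scope}] {condition} -> {action}")
```

Each finding is a place where traffic passes uninspected or unthrottled under an error or overload condition; whether that is acceptable is a policy decision, but it should be a deliberate one.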
application-proxy (Security UTM)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax
    application-proxy {
        traceoptions {
            flag flag;
        }
    }
Hierarchy Level [edit security utm]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure trace options for the application proxy.
Options The remaining statements are explained separately.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Overview Feature Guide for Security Devices
log (Security)
Supported Platforms J Series, SRX Series
Syntax
    log {
        cache {
            exclude exclude-name {
                destination-address destination-address;
                destination-port destination-port;
                event-id event-id;
                failure;
                interface-name interface-name;
                policy-name policy-name;
                process process-name;
                protocol protocol;
                source-address source-address;
                source-port source-port;
                success;
                user-name user-name;
            }
            limit value;
        }
        disable;
        event-rate rate;
        file {
            files max-file-number;
            name file-name;
            path binary-log-file-path;
            size maximum-file-size;
        }
        format (binary | sd-syslog | syslog);
        mode (event | stream);
        rate-cap rate-cap-value;
        source-address source-address;
        stream stream-name {
            category (all | content-security);
            format (binary | sd-syslog | syslog | welf);
            host {
                ip-address;
                port port-number;
            }
            severity (alert | critical | debug | emergency | error | info | notice | warning);
        }
        traceoptions {
            file {
                filename;
                files number;
                match regular-expression;
                size maximum-file-size;
                (world-readable | no-world-readable);
            }
            flag flag;
            no-remote-trace;
        }
        utc-time-stamp;
    }
Hierarchy Level [edit security]
Release Information Statement introduced in Junos OS Release 9.2.
Description You can set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.
Options
disable: Disable the security logging for the device.
event-rate rate: Limits the rate (0 through 1500) at which logs will be streamed per second.
rate-cap rate-cap-value: Limits the rate (0 through 5000) at which data plane logs will be generated per second.
source-address source-address: Specify a source IP address or IP address used when exporting security logs.
utc-time-stamp: Specify to use UTC time for security log timestamps.
The remaining statements are explained separately.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Application Tracking Feature Guide for Security Devices
Master Administrator for Logical Systems Feature Guide for Security Devices
format (Security Log Stream)
Supported Platforms J Series, SRX Series
Syntax format (binary | sd-syslog | syslog | welf)
Hierarchy Level [edit security log stream stream-name]
Release Information Statement introduced in Release 10.0 of Junos OS. Updated in Release 12.1 of Junos OS.
Description Set the format for remote security message logging to binary, syslog (system log), sd-syslog (structured system log), or welf. Note that for the WELF format, the category must be set to content-security (see category (Security Logging)).
Options
binary: Binary encoded text to conserve resources.
sd-syslog: Structured system log file.
syslog: Traditional system log file.
welf: Web Trends Extended Log Format.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Application Tracking Feature Guide for Security Devices
Master Administrator for Logical Systems Feature Guide for Security Devices
category (Security Logging)
Supported Platforms J Series, SRX Series
Syntax category (all | content-security)
Hierarchy Level [edit security log stream stream-name]
Release Information Statement introduced in Release 10.0 of Junos OS.
Description Set the category of logging to all or content-security. Note that for the WELF format, the category must be set to content-security.
NOTE: On SRX3400, SRX3600, SRX5600, and SRX 5800 devices, if the stream configuration does not specify a destination port, the default destination port will be the syslog port. If you specify a destination port in the stream configuration, then that port will be used instead.
Options
all: All events are logged.
content-security: Only content security events are logged.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Application Tracking Feature Guide for Security Devices
Master Administrator for Logical Systems Feature Guide for Security Devices
content-filtering (Security UTM Policy)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax
    content-filtering {
        ftp {
            download-profile profile-name;
            upload-profile profile-name;
        }
        http-profile profile-name;
        imap-profile profile-name;
        pop3-profile profile-name;
        smtp-profile profile-name;
    }
Hierarchy Level [edit security utm utm-policy policy-name]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description Configure a UTM policy for the content-filtering protocols and attach this policy to a security profile to implement it.
Options The remaining statements are explained separately.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Content Filtering Feature Guide for Security Devices
limit (UTM Policy)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax limit value;
Hierarchy Level [edit security utm utm-policy policy-name traffic-options sessions-per-client]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description In an attempt to consume all available resources and hinder the ability of the device, a malicious user might generate a large amount of traffic all at once. To prevent such activity from succeeding, you can impose a session throttle to limit sessions.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Content Filtering Feature Guide for Security Devices
UTM Overview Feature Guide for Security Devices
ipc
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax
    ipc {
        traceoptions flag flag;
    }
Hierarchy Level [edit security utm]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure trace options for IPC.
Options
flag: Trace operation to perform. To specify more than one trace operation, include multiple flag statements.
all: Enable trace for all IPC trace options.
basic: Trace basic IPC related information.
connection-manager: Trace IPC connection manager information.
connection-status: Trace IPC connection status information.
detail: Trace IPC related detailed information.
pfe: Trace communication with PFE.
utm-realtime: Trace IPC realtime-thread information.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Overview Feature Guide for Security Devices
sessions-per-client
Supported Platforms J Series, SRX Series
Syntax
    sessions-per-client {
        limit value;
        over-limit (block | log-and-permit);
    }
Hierarchy Level [edit security utm utm-policy policy-name traffic-options]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description In an attempt to consume all available resources and hinder the ability of the device, amalicious user might generate a large amount of traffic all at once. To prevent suchactivity from succeeding, you can impose a session throttle.
NOTE: Thesessions-per-client limitcommandsupports theantispam,contentfiltering, and antivirus UTM features. It does not supportWeb filtering.
Options The remaining statements are explained separately.
Required PrivilegeLevel
securityTo view this statement in the configuration.security-controlTo add this statement to the configuration.
RelatedDocumentation
UTMOverview Feature Guide for Security Devices
smtp-profile (Security UTM Policy Antispam)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax smtp-profile profile-name;
Hierarchy Level [edit security utm utm-policy policy-name anti-spam]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description Configure a UTM policy for the antispam SMTP protocol and attach this policy to a security profile to implement it.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Content Filtering Feature Guide for Security Devices
traffic-options
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax
traffic-options {
    sessions-per-client {
        limit value;
        over-limit (block | log-and-permit);
    }
}
Hierarchy Level [edit security utm utm-policy policy-name]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description In an attempt to consume all available resources and hinder the ability of the device, a malicious user might generate a large amount of traffic all at once. To prevent such activity from succeeding, you can impose a session throttle.
Options The remaining statements are explained separately.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Content Filtering Feature Guide for Security Devices
traceoptions (Security Application Proxy)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax
traceoptions {
    flag flag;
}
Hierarchy Level [edit security utm application-proxy]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description Configure tracing options for application proxy.
Options
flag: Trace operation to perform. To specify more than one trace operation, include multiple flag statements.
  abort: Trace aborted sessions for application proxy.
  all: Trace with all flags enabled.
  anti-virus: Trace anti-virus information.
  application-objects: Trace application-proxy objects information.
  basic: Trace application-proxy related basic information.
  buffer: Trace application-proxy data buffer information.
  connection-rating: Trace connection rating information.
  detail: Trace application-proxy related detailed information.
  express-anti-virus: Trace anti-virus express engine information.
  ftp-control: Trace FTP control connection information.
  ftp-data: Trace FTP data connection information.
  http: Trace HTTP protocol information.
  imap: Trace IMAP protocol information.
  memory: Trace memory usage.
  mime: Trace MIME parser information.
  parser: Trace protocol parser information.
  pfe: Trace communication with PFE.
  pop3: Trace POP3 protocol information.
  queue: Trace queue information.
  regex-engine: Trace Pattern Match Engine (PME) information.
  smtp: Trace SMTP protocol information.
  sophos-anti-virus: Trace anti-virus sophos engine information.
  tcp: Trace TCP level information.
  timer: Trace timer processing.
  utm-realtime: Trace application-proxy realtime-thread information.
Required Privilege Level
trace: To view this statement in the configuration.
trace-control: To add this statement to the configuration.
Related Documentation
UTM Overview Feature Guide for Security Devices
traceoptions (Security UTM)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax traceoptions flag flag;
Hierarchy Level [edit security utm]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description Define tracing operations for UTM features.
Options
flag: Trace operation to perform. To specify more than one trace operation, include multiple flag statements.
  all: Enable trace for all UTM trace options.
  cli: Trace CLI configuration activity and command changes.
  daemon: Trace daemon information.
  ipc: Trace communication events with Packet Forwarding Engine (PFE).
  pfe: Trace PFE information.
Required Privilege Level
trace: To view this statement in the configuration.
trace-control: To add this statement to the configuration.
Related Documentation
UTM Overview Feature Guide for Security Devices
utm-policy (Application Services)
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax utm-policy policy-name;
Hierarchy Level [edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit application-services]
Release Information Statement introduced in Junos OS Release 11.1.
Description Configure a UTM policy for application services and attach this policy to a security profile to implement it.
Options policy-name: Specify the name of the UTM policy.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
UTM Content Filtering Feature Guide for Security Devices
PART 3
Administration
CHAPTER 8
Operational Commands
clear security utm session
Supported Platforms J Series, SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
Syntax clear security utm session
Release Information Command introduced in Junos OS Release 9.5. Support for UTM in chassis cluster added in Junos OS Release 11.4.
Description Clear UTM session information. With chassis cluster support for UTM, sessions on both the nodes are cleared.
Required Privilege Level
clear
Related Documentation
show security utm session
show security utm status
Junos OS UTM Library for Security Devices
Output Fields This command produces no output.
Sample Output
clear security utm session
user@host> clear security utm session
request system license update
Supported Platforms J Series, LN Series, SRX Series
Syntax request system license update
Release Information Command introduced in Junos OS Release 9.5.
Description Start autoupdating license keys from the LMS server.
Options trial: Starts autoupdating trial license keys from the LMS server.
Required Privilege Level
maintenance
Related Documentation
Administration Guide for Security Devices
UTM Overview Feature Guide for Security Devices
Installation and Upgrade Guide for Security Devices
List of Sample Output
request system license update
request system license update trial
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
request system license update
user@host> request system license update
Request to automatically update license keys from https://ae1.juniper.net has been sent, use show system license to check status.
request system license update trial
user@host> request system license update trial
Request to automatically update trial license keys from https://ae1.juniper.net has been sent, use show system license to check status.
show configuration smtp
Supported Platforms J Series, SRX Series
Syntax show configuration smtp
Release Information Command introduced in Release 10.0 of Junos OS.
Description Display complete SMTP information.
Options
apply-groups: Groups from which SMTP inherits configuration data.
apply-groups-except: Groups from which SMTP restricts inheriting configuration data.
Required Privilege Level
view
Related Documentation
Junos OS UTM Library for Security Devices
List of Sample Output
show configuration smtp
Output Fields Table 5 describes the output fields for the show configuration smtp command.
Table 5: show configuration smtp
Field Name | Field Description | Level of Output
address | SMTP server's IPv4 address | All levels
login | Configure a mail sender account to the server | All levels
password | Default sender password for user authentication | All levels
Sample Output
show configuration smtp
user@host> show configuration smtp
primary-server {
    address 218.102.48.213;
    login "[email protected]" {
        password "$9$YhgoZ.PQ6CuTQlKMLN-qmP"; ## SECRET-DATA
    }
}
show security utm status
Supported Platforms J Series, SRX Series
Syntax show security utm status
Release Information Command introduced in Junos OS Release 9.5. Support for UTM in chassis cluster added in Junos OS Release 11.4.
Description Display whether the UTM service is running and the status of both nodes (with full chassis cluster support for UTM).
Required Privilege Level
view
Related Documentation
clear security utm session
show security utm session
Junos OS UTM Library for Security Devices
Output Fields show security utm status
Output fields are listed in the approximate order in which they appear.
show security utm status
user@host> show security utm status
UTM service status: Running
show security log
Supported Platforms J Series, SRX Series
Syntax show security log {all | destination-address | destination-port | event-id | failure | interface-name | newer-than | older-than | process | protocol | severity | sort-by | source-address | source-port | success | user}
Release Information Command introduced in Release 11.2 of Junos OS.
Description Display security event logs. This command continuously displays security events on the screen. To stop the display, press Ctrl+c.
Options
all: Displays all audit event logs stored in the device memory.
destination-address: Displays audit event logs with the specified destination address.
destination-port: Displays audit event logs with the specified destination port.
event-id: Displays audit event logs with the specified event identification number.
failure: Displays failed audit event logs.
interface-name: Displays audit event logs with the specified interface.
newer-than: Displays audit event logs newer than the specified date and time.
older-than: Displays audit event logs older than the specified date and time.
process: Displays audit event logs with the specified process that generated the event.
protocol: Displays audit event logs generated through the specified protocol.
severity: Displays audit event logs generated with the specified severity.
sort-by: Displays audit event logs sorted by the specified options.
source-address: Displays audit event logs with the specified source address.
source-port: Displays audit event logs with the specified source port.
success: Displays successful audit event logs.
username: Displays audit event logs generated for the specified user.
Required Privilege Level
view
Related Documentation
exclude (Security Log)
clear security log
List of Sample Output
show security log
Output Fields Table 6 lists the output fields for the show security log command. Output fields are listed in the approximate order in which they appear.
Table 6: show security log Output Fields
Field Name | Field Description
Event time | The timestamp of the events received. On SRX Series devices, security logs were always timestamped using the UTC time zone by running set system time-zone utc and set security log utc-timestamp CLI commands. Now, time zone can be defined using the local time zone by running the set system time-zone time-zone command to specify the local time zone that the system should use when timestamping the security logs.
Message | Security events are listed.
Sample Output
show security log
user@host> show security log
Event time Message
2010-10-22 13:28:37 CST session created 1.1.1.2/1->2.2.2.2/1308 icmp 1.1.1.2/1->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 52 N/A(N/A) ge-0/0/1.0
2010-10-22 13:28:38 CST session created 1.1.1.2/2->2.2.2.2/1308 icmp 1.1.1.2/2->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 54 N/A(N/A) ge-0/0/1.0
...
2010-10-22 13:36:12 CST session denied 1.1.1.2/1->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
2010-10-22 13:36:14 CST session denied 1.1.1.2/2->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
...
2010-10-27 15:50:11 CST IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop
2010-10-27 15:50:11 CST IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop
...
2011-02-18 15:53:34 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/certification-authority/ca-profile1-ca1.cert
2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/crl/ca-profile1.crl
2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/system-key-pair/system-generated.priv
2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/system-cert/system-generated.cert
2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/key-pair/cert1.priv
2011-02-18 15:53:42 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/key-pair/test2.priv
...
2011-03-14 23:00:40 PDT IDP_COMMIT_COMPLETED: IDP policy commit is complete.
2011-03-14 23:00:58 PDT IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;policy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v]
,failure detail[Policy loading failed :: Policy file not found
]
2011-03-14 23:00:58 PDT IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;policy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v]
,failure detail[Policy loading failed :: Policy file not found
]
2011-03-14 23:00:58 PDT IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;policy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v]
,failure detail[Policy loading failed :: Policy file not found
]
...
Event time Message
2011-03-21 14:21:49 CST UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
2011-03-21 14:23:01 CST UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
2011-03-21 14:23:05 CST KMD_PM_SA_ESTABLISHED: Local gateway: 7.7.7.1, Remote gateway: 8.8.8.1, Local ID: ipv4(any:0,[0..3]=6.6.6.1), Remote ID: ipv4(any:0,[0..3]=9.9.9.1), Direction: inbound, SPI: 37a2a179, AUX-SPI: 0, Mode: tunnel, Type: dynamic
2011-03-21 14:23:05 CST KMD_PM_SA_ESTABLISHED: Local gateway: 7.7.7.1, Remote gateway: 8.8.8.1, Local ID: ipv4(any:0,[0..3]=6.6.6.1), Remote ID: ipv4(any:0,[0..3]=9.9.9.1), Direction: outbound, SPI: b2231c1f, AUX-SPI: 0, Mode: tunnel, Type: dynamic
2011-03-21 14:23:08 CST UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
2011-03-21 14:23:13 CST UI_CMDLINE_READ_LINE: User 'root', command 'show security log '
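The following Python parser is an added example, not part of the Juniper guide. It splits `show security log` output of the shape shown above into structured events for triage (denied sessions per source, spoofing drops, CLI commands per user). The function names and the event dictionary layout are assumptions, and the embedded sample reuses a few lines from the sample output above.

```python
import re
from collections import Counter

# Sample input: lines taken from the sample output above, plus the header
# row and a "..." elision marker to show that non-event lines are skipped.
SAMPLE = """\
Event time               Message
2010-10-22 13:28:37 CST  session created 1.1.1.2/1->2.2.2.2/1308 icmp 1.1.1.2/1->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 52 N/A(N/A) ge-0/0/1.0
2010-10-22 13:36:12 CST  session denied 1.1.1.2/1->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
2010-10-22 13:36:14 CST  session denied 1.1.1.2/2->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
...
2010-10-27 15:50:11 CST  IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop
2011-03-21 14:21:49 CST  UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
"""

# "Event time" column (date, time, time zone) followed by the "Message" column.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([A-Z]{2,5})\s+(.*)$")
SESSION = re.compile(r"^session (created|denied) ([\d.]+)/(\d+)->([\d.]+)/(\d+) (\S+)")
SPOOF = re.compile(r"^IP spoofing! source: ([\d.]+), destination: ([\d.]+),.*action: (\w+)")
TAGGED = re.compile(r"^([A-Z][A-Z0-9_]+): (.*)$")   # e.g. PKID_PV_OBJECT_READ: ...
CMD = re.compile(r"User '([^']*)', command '([^']*)'")


def parse_line(line):
    """Return one event dict, or None for headers, '...' and wrapped text."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, tz, msg = m.groups()
    ev = {"time": ts, "tz": tz, "kind": "other", "message": msg}
    if s := SESSION.match(msg):
        ev.update(kind="session-" + s[1], src=s[2], dst=s[4], proto=s[6])
    elif s := SPOOF.match(msg):
        ev.update(kind="ip-spoofing", src=s[1], dst=s[2], action=s[3])
    elif s := TAGGED.match(msg):
        ev.update(kind=s[1])            # the event tag becomes the kind
        if c := CMD.search(s[2]):
            ev.update(user=c[1], command=c[2].strip())
    return ev


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def denied_by_source(events):
    """Count denied sessions per source address."""
    return Counter(ev["src"] for ev in events if ev["kind"] == "session-denied")


if __name__ == "__main__":
    events = parse_log(SAMPLE)
    print(Counter(ev["kind"] for ev in events))
    print(denied_by_source(events))
```

The time zone is kept with each event because, as Table 6 notes, timestamps may be UTC or local depending on the device configuration.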