EasyManua.ls Logo

Juniper Junos OS - Example: Configuring Unified Threat Management for a Branch SRX Series

Juniper Junos OS
158 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Example: Configuring Unified Threat Management for a Branch SRX Series
This example shows how to configure UTM quickly on your branch SRX Series by using
the predefined UTM components.
Requirements
Before you begin, install or verify a UTM feature license. See “Updating Licenses for a
Branch SRX Series” on page 47.
This example uses the following hardware and software components:
An SRX210
Junos OS Release 12.1X44-D10
Overview
In this example, you enable UTM components (antispam, antivirus, and Web filtering)
on the SRX210 by applying the following preconfigured profiles:
Antispam protection by using the junos-as-defaults profile to block and filter spam
e-mail messages.
Antivirus protection by using the junos-av-defaults profile to detect and block malicious
codes.
Web filtering by using the junos-wf-cpa-default profile to block access to (HTTP)
websites based on IP address or URL.
After you create a UTM policy, attach the UTM policy to the default security policy.
Configuration
CLI Quick
Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,
and then enter commit from configuration mode.
set security utm utm-policy policy-utm-all anti-spam smtp-profile junos-as-defaults
set security utm utm-policy policy-utm-all anti-virus http-profile junos-av-defaults
set security utm utm-policy policy-utm-all web-filtering http-profile junos-wf-cpa-default
set security policies from-zone trust to-zone untrust policy trust-to-untrust match
source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
application-services utm-policy policy-utm-all
Step-by-Step
Procedure
To configure UTM components:
Create a UTM policy and apply the default antispam profile to the UTM policy.1.
[edit]
user@srx210-host# set security utm utm-policy policy-utm-all anti-spam
smtp-profile junos-as-defaults
51Copyright © 2016, Juniper Networks, Inc.
Chapter 8: Configuring UTM for Branch SRX Series

Table of Contents

Related product manuals