UTM in Transparent mode SRX

  • 1.  UTM in Transparent mode SRX

    Posted 20 days ago
    Hi all, can you help me identify what is missing? Web filtering and anti-virus are not working.

    Here's my config.

    [edit]
    root#
    root# show | display set
    set version 15.1X49-D240.4
    set system root-authentication encrypted-password "$5$EtJGLyTz$41pz7b0Oxu0j51rYeUbQ4elxotsGmt4xGbWkQPV.UiB"
    set system name-server 8.8.8.8
    set system name-server 8.8.4.4
    set system name-server 192.168.1.1
    set system services ssh
    set system services netconf ssh
    set system services dhcp-local-server group jdhcp-group interface irb.0
    set system services web-management http
    set system services web-management https system-generated-certificate
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system max-configurations-on-flash 5
    set system max-configuration-rollbacks 5
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set services application-identification
    set security utm feature-profile anti-virus type sophos-engine
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options default permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options content-size permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options engine-not-ready permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options timeout permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options out-of-resources permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options too-many-requests permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV scan-options uri-check
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV scan-options content-size-limit 10000
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV scan-options timeout 180
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options virus-detection type message
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options virus-detection notify-mail-sender
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options virus-detection custom-message "VIRUS FOUND !!!!! BACK OFF !!!!!"
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options fallback-block type message
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options fallback-block notify-mail-sender
    set security utm feature-profile web-filtering type juniper-enhanced
    set security utm feature-profile web-filtering juniper-enhanced cache timeout 1800
    set security utm feature-profile web-filtering juniper-enhanced cache size 500
    set security utm feature-profile web-filtering juniper-enhanced server host rp.cloud.threatseeker.com
    set security utm feature-profile web-filtering juniper-enhanced server port 80
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Adult_Material action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Social_Networking_and_Personal_Sites action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Entertainment action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_News_and_Media action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Job_Search action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action very-safe log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action moderately-safe log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action fairly-safe log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action suspicious log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action harmful log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced default log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced custom-block-message "WEBSITE BLOCKED !!!!!"
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings default log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings server-connectivity log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings timeout log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings too-many-requests log-and-permit
    set security utm utm-policy Test-UTM-Policy anti-virus http-profile Test-Sophos-AV
    set security utm utm-policy Test-UTM-Policy web-filtering http-profile Test-WF-Enhanced
    set security utm utm-policy Test-UTM-Policy traffic-options sessions-per-client limit 200
    set security utm utm-policy Test-UTM-Policy traffic-options sessions-per-client over-limit log-and-permit
    set security screen ids-option untrust-screen icmp ping-death
    set security screen ids-option untrust-screen ip source-route-option
    set security screen ids-option untrust-screen ip tear-drop
    set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
    set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
    set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
    set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
    set security screen ids-option untrust-screen tcp syn-flood timeout 20
    set security screen ids-option untrust-screen tcp land
    set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
    set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
    set security policies from-zone trust to-zone trust policy trust-to-trust match application any
    set security policies from-zone trust to-zone trust policy trust-to-trust then permit
    set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
    set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
    set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
    set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit application-services utm-policy Test-UTM-Policy
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/1.0
    set security zones security-zone untrust screen untrust-screen
    set security zones security-zone untrust interfaces ge-0/0/0.0
    set security zones security-zone MGMT host-inbound-traffic system-services all
    set security zones security-zone MGMT interfaces ge-0/0/4.0
    set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members Vlan10
    set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members Vlan10
    set interfaces ge-0/0/4 unit 0 family inet address 192.168.2.1/24
    set interfaces ge-0/0/7 unit 0 family inet dhcp-client vendor-id Juniper-srx320
    set interfaces cl-1/0/0 dialer-options pool 1 priority 100
    set interfaces dl0 unit 0 family inet negotiate-address
    set interfaces dl0 unit 0 family inet6 negotiate-address
    set interfaces dl0 unit 0 dialer-options pool 1
    set interfaces dl0 unit 0 dialer-options always-on
    set interfaces dl0 unit 0 dialer-options dial-string 1234
    set interfaces irb unit 0 family inet address 192.168.1.200/24
    set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1
    set protocols l2-learning global-mode transparent-bridge
    set protocols rstp interface all
    set access address-assignment pool junosDHCPPool family inet network 192.168.1.0/24
    set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.1.2
    set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.1.254
    set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.1.1
    set access address-assignment pool junosDHCPPool family inet dhcp-attributes propagate-settings ge-0/0/0.0
    set vlans Vlan10 vlan-id 10
    set vlans Vlan10 l3-interface irb.0

    Thanks 
    Darwin

    ------------------------------
    DARWIN V. LAURENCIANO
    ------------------------------


  • 2.  RE: UTM in Transparent mode SRX

    Posted 19 days ago
    Hi,

    You should share additional info, such as the SRX model that you used.


    Thanks


  • 3.  RE: UTM in Transparent mode SRX

    Posted 18 days ago
    Hi Kronicklez, thank you for the response.

    Currently I'm testing it on an SRX320 appliance, but it needs to be operational on an SRX1500 unit.

    Thanks

    ------------------------------
    DARWIN V. LAURENCIANO
    ------------------------------