Security




  • 1.  UTM in Transparent mode SRX

    Posted 02-15-2021 04:08
    Hi All, can you help me identify what is missing? Web filtering and anti-virus are not working.

    Here's my config.

    [edit]
    root#
    root# show | display set
    set version 15.1X49-D240.4
    set system root-authentication encrypted-password "$5$EtJGLyTz$41pz7b0Oxu0j51rYeUbQ4elxotsGmt4xGbWkQPV.UiB"
    set system name-server 8.8.8.8
    set system name-server 8.8.4.4
    set system name-server 192.168.1.1
    set system services ssh
    set system services netconf ssh
    set system services dhcp-local-server group jdhcp-group interface irb.0
    set system services web-management http
    set system services web-management https system-generated-certificate
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system max-configurations-on-flash 5
    set system max-configuration-rollbacks 5
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set services application-identification
    set security utm feature-profile anti-virus type sophos-engine
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options default permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options content-size permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options engine-not-ready permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options timeout permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options out-of-resources permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV fallback-options too-many-requests permit
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV scan-options uri-check
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV scan-options content-size-limit 10000
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV scan-options timeout 180
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options virus-detection type message
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options virus-detection notify-mail-sender
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options virus-detection custom-message "VIRUS FOUND !!!!! BACK OFF !!!!!"
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options fallback-block type message
    set security utm feature-profile anti-virus sophos-engine profile Test-Sophos-AV notification-options fallback-block notify-mail-sender
    set security utm feature-profile web-filtering type juniper-enhanced
    set security utm feature-profile web-filtering juniper-enhanced cache timeout 1800
    set security utm feature-profile web-filtering juniper-enhanced cache size 500
    set security utm feature-profile web-filtering juniper-enhanced server host rp.cloud.threatseeker.com
    set security utm feature-profile web-filtering juniper-enhanced server port 80
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Adult_Material action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Social_Networking_and_Personal_Sites action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Entertainment action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_News_and_Media action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced category Enhanced_Job_Search action block
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action very-safe log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action moderately-safe log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action fairly-safe log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action suspicious log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced site-reputation-action harmful log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced default log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced custom-block-message "WEBSITE BLOCKED !!!!!"
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings default log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings server-connectivity log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings timeout log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile Test-WF-Enhanced fallback-settings too-many-requests log-and-permit
    set security utm utm-policy Test-UTM-Policy anti-virus http-profile Test-Sophos-AV
    set security utm utm-policy Test-UTM-Policy web-filtering http-profile Test-WF-Enhanced
    set security utm utm-policy Test-UTM-Policy traffic-options sessions-per-client limit 200
    set security utm utm-policy Test-UTM-Policy traffic-options sessions-per-client over-limit log-and-permit
    set security screen ids-option untrust-screen icmp ping-death
    set security screen ids-option untrust-screen ip source-route-option
    set security screen ids-option untrust-screen ip tear-drop
    set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
    set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
    set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
    set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
    set security screen ids-option untrust-screen tcp syn-flood timeout 20
    set security screen ids-option untrust-screen tcp land
    set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
    set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
    set security policies from-zone trust to-zone trust policy trust-to-trust match application any
    set security policies from-zone trust to-zone trust policy trust-to-trust then permit
    set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
    set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
    set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
    set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit application-services utm-policy Test-UTM-Policy
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/1.0
    set security zones security-zone untrust screen untrust-screen
    set security zones security-zone untrust interfaces ge-0/0/0.0
    set security zones security-zone MGMT host-inbound-traffic system-services all
    set security zones security-zone MGMT interfaces ge-0/0/4.0
    set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members Vlan10
    set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members Vlan10
    set interfaces ge-0/0/4 unit 0 family inet address 192.168.2.1/24
    set interfaces ge-0/0/7 unit 0 family inet dhcp-client vendor-id Juniper-srx320
    set interfaces cl-1/0/0 dialer-options pool 1 priority 100
    set interfaces dl0 unit 0 family inet negotiate-address
    set interfaces dl0 unit 0 family inet6 negotiate-address
    set interfaces dl0 unit 0 dialer-options pool 1
    set interfaces dl0 unit 0 dialer-options always-on
    set interfaces dl0 unit 0 dialer-options dial-string 1234
    set interfaces irb unit 0 family inet address 192.168.1.200/24
    set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1
    set protocols l2-learning global-mode transparent-bridge
    set protocols rstp interface all
    set access address-assignment pool junosDHCPPool family inet network 192.168.1.0/24
    set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.1.2
    set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.1.254
    set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.1.1
    set access address-assignment pool junosDHCPPool family inet dhcp-attributes propagate-settings ge-0/0/0.0
    set vlans Vlan10 vlan-id 10
    set vlans Vlan10 l3-interface irb.0

    Thanks 
    Darwin

    ------------------------------
    DARWIN V. LAURENCIANO
    ------------------------------


  • 2.  RE: UTM in Transparent mode SRX

    Posted 02-16-2021 09:35
    Hi,

    You should share additional info, such as the SRX model that you used.


    Thanks


  • 3.  RE: UTM in Transparent mode SRX

    Posted 02-16-2021 20:56
    Hi Kronicklez, thank you for the response.

    Currently I'm testing it on an SRX320 appliance, but it needs to be operational on an SRX1500 unit.

    Thanks

    ------------------------------
    DARWIN V. LAURENCIANO
    ------------------------------