I have all my policies set up from trust to untrust and there's a deny all at the very bottom which logs to a syslog server.
I've been asked, though, whether I am blocking typical viruses... I need to give an answer ASAP.
Is there a policy which will block, say, typical Microsoft exploitation port attacks, or is there an antivirus section on the SRX platform?
Hi,
Do you have anything configured under [security utm]? Under [security idp]?
If not, then you are NOT blocking any viruses or network attacks.
To do this, you either need to configure antivirus (to scan files) or IDP (to scan traffic at layer 7 for network attacks). Both require a subscription and a high-memory version of SRX.
To configure anti-virus that means UTM?
Also, when I log into my SRX via the web GUI:
Configure>Security>UTM>Anti-Virus> I see the Anti-Virus profiles configuration table with two entries:
junos-av-defaults: kaspersky-lab-engine: UP: scan all
Is this doing anything?
Antivirus is a part of UTM feature set.
The profiles you see are just default profiles. They are not doing anything if not applied to the policy.
See p. 13 of
for a quick configuration example. You will need an antivirus license to download/update
your virus signatures.
Thanks PK 🙂
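The point made in the thread, that a UTM profile does nothing until a security policy references it, can be checked offline against a saved `show configuration | display set` dump. The script below is an added example, not code from the thread or from Juniper; the sample configuration is constructed and its policy, zone and UTM-policy names are hypothetical.

```python
import re

# Constructed sample in "display set" format; all names are hypothetical.
SAMPLE_CONFIG = """\
set security utm utm-policy av-policy anti-virus http-profile junos-av-defaults
set security utm utm-policy unused-policy anti-virus http-profile junos-av-defaults
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit application-services utm-policy av-policy
set security policies from-zone trust to-zone untrust policy allow-dns match application junos-dns-udp
set security policies from-zone trust to-zone untrust policy allow-dns then permit
set security policies from-zone trust to-zone untrust policy deny-all match application any
set security policies from-zone trust to-zone untrust policy deny-all then deny
set security policies from-zone trust to-zone untrust policy deny-all then log session-init
"""

THEN_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then (.+)$")
UTM_DEF_RE = re.compile(r"^set security utm utm-policy (\S+)", re.M)
UTM_REF_RE = re.compile(r"application-services utm-policy (\S+)")

def audit(config_text):
    """Map each permit policy to the inspection services attached to it."""
    permits = {}
    for line in config_text.splitlines():
        m = THEN_RE.match(line.strip())
        if not m:
            continue
        src, dst, name, action = m.groups()
        tokens = action.split()
        if tokens[0] != "permit":          # deny/reject/log lines carry no inspection
            continue
        services = permits.setdefault((src, dst, name), set())
        if tokens[1:2] == ["application-services"] and len(tokens) > 2:
            if tokens[2] == "utm-policy":
                services.add("utm")
            elif tokens[2].startswith("idp"):   # "idp" or "idp-policy <name>"
                services.add("idp")
    return permits

def uninspected(config_text):
    """Permit policies that pass traffic with neither UTM nor IDP applied."""
    return sorted(key for key, svc in audit(config_text).items() if not svc)

def unreferenced_utm_policies(config_text):
    """UTM policies that are defined but never applied to a security policy."""
    defined = set(UTM_DEF_RE.findall(config_text))
    return sorted(defined - set(UTM_REF_RE.findall(config_text)))

if __name__ == "__main__":
    print("permit policies without inspection:", uninspected(SAMPLE_CONFIG))
    print("UTM policies never applied:", unreferenced_utm_policies(SAMPLE_CONFIG))
```

An empty result from `audit` on a real dump means no permit policy was found at all; a non-empty `uninspected` list names the policies whose traffic is forwarded without antivirus or IDP scanning.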