Hi Guys,
I believe these two signature databases are pretty much the same, and that you would typically only need one. Am I right?
If so, what would be the expected behaviour if I had both of them installed on my SRX?
I'm trying to play with and test UTM features, to block file upload/download via file extensions, and it seems not to be working. My UTM session counter is not getting any hits. Below are my config snippets.
So I'm trying to transfer a backup config file I've created, and this is going through, yet my config should not allow this. Are config files created by the "save" command automatically saved with a ".config" extension?

admin@srxA-1> show configuration security utm
custom-objects {
    filename-extension {
        Deny-extensions {
            value config;
        }
    }
}
feature-profile {
    content-filtering {
        profile denied-content {
            block-extension Deny-extensions;
        }
    }
}
utm-policy UTM-check {
    content-filtering {
        ftp {
            upload-profile denied-content;
            download-profile denied-content;
        }
    }
}

And UTM is enabled on the security policy as well:

admin@srxA-1> show configuration security policies from-zone Juniper-SV to-zone ACME-SV policy app-service-policy
match {
    source-address any;
    destination-address any;
    application any;
}
then {
    permit {
        application-services {
            utm-policy UTM-check;
            inactive: application-firewall {
                rule-set Allowed-services;
            }
        }
    }
    log {
        session-init;
        session-close;
    }
}

Something else interesting is that if I check that FTP session in detail, I see "Dynamic Application" is UNKNOWN. Could it be that junos:FTP cannot be identified?

admin@srxA-1> show security flow session session-identifier 2792
Session ID: 2792, Status: Normal
Flag: 0x400040
Policy name: Juniper-to-ACME/8
Source NAT pool: Null, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Maximum timeout: 1800, Current timeout: 1718
Session State: Valid
Start time: 81546, Duration: 1007
   In: 172.20.101.10/55645 --> 172.20.201.1/21;tcp,
    Interface: fe-0/0/4.101,
    Session token: 0x7, Flag: 0x0x621
    Route: 0xd0010, Gateway: 172.20.101.10, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 9, Bytes: 415
   Out: 172.20.201.1/21 --> 172.20.101.10/55645;tcp,
    Interface: .local..0,
    Session token: 0x2, Flag: 0x0x630
    Route: 0xfffb0006, Gateway: 172.20.201.1, Tunnel: 0
    Port sequence: 0, FIN sequence: 2520512333,
    FIN state: 1,
    Pkts: 8, Bytes: 527
Total sessions: 1

Please let me know if I am missing something. Thanks.