Hi All
It looks like we have several nice predefined UTM profiles and policies which make life easier, such as
lab@jsrxB-2# show groups junos-defaults security utm utm-policy junos-av-wf-policy
anti-virus {
http-profile junos-av-defaults;
ftp {
upload-profile junos-av-defaults;
download-profile junos-av-defaults;
}
smtp-profile junos-av-defaults;
pop3-profile junos-av-defaults;
imap-profile junos-av-defaults;
}
web-filtering {
http-profile junos-wf-cpa-default;
}
But if we start to use them and then want to modify something, can we just edit the predefined profile? For example, I want to turn off antivirus's intelligent prescreening while keeping all other settings as default. Then my config will be just
set security utm feature-profile anti-virus kaspersky-lab-engine profile junos-av-defaults scan-options no-intelligent-prescreening
And
lab@jsrxB-2# show security policies
from-zone z1 to-zone z0 {
policy z1-z0 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
application-services {
utm-policy junos-av-wf-policy;
}
}
}
}
}
Looks like it works. But is it totally ok and supported to edit those predefined profiles and policies? Or is it a better approach to create my own every time?