SRX Services Gateway
Contributor
ludo
Posts: 26
Registered: ‎01-10-2008
0

UTM process

Hello,

I would like to be sure of the UTM process.

Imagine Web Filtering (SurfControl), Content Filtering and Kaspersky Full-based AV enabled.

What is the next action if the URL matches the URL whitelist of the Web Filtering part? Is traffic accepted and are the other UTM features (CF & AV) bypassed? Or is WF bypassed, and the packet is now parsed in Content Filtering and, after that, Antivirus?

Regards,

ludo
--------
JNCIP-SEC, JNCIA-FWV
Distinguished Expert
MMcD
Posts: 623
Registered: ‎07-20-2010
0

Re: UTM process

The content filter module evaluates traffic before all other UTM modules except Web Filtering.

So in your case it would be as you said:

WF ---> CF ---> AV

AV will be applied after.

If the URL is blocked / blacklisted or whatever, the TCP connection is closed and no antivirus scanning is performed at all.

MMcD [JNCIP-SEC, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
ludo
Posts: 26
Registered: ‎01-10-2008
0

Re: UTM process

Thanks for your reply.

Here, my question is more: what is the next action IF the packet is accepted with the URL whitelist of WF? Is traffic accepted and are the other UTM features bypassed (only for this session)? OR is the packet accepted for WF and the next action is the CF process (and the AV process after)?

Regards,

ludo
--------
JNCIP-SEC, JNCIA-FWV
Distinguished Expert
MMcD
Posts: 623
Registered: ‎07-20-2010
0

Re: UTM process

Yes, that is correct: after WF will come CF and then AV, in that order. The other UTM features are not bypassed.

MMcD [JNCIP-SEC, CCNA, MCP]