SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  anti-virus policy

    Posted 07-20-2011 02:36

    Hi there,

    I have all my policies set up from trust to untrust and there's a deny all at the very bottom which logs to a syslog server.

     

    I've been asked though am I blocking typical viruses....I need to give an answer asap.

     

    Is there a policy which will block say typical microsoft exploitation port attacks or is there an anti virus section on the SRX platform?

     

    Many thanks,

     

    Paul


    #UTM
    #basics


  • 2.  RE: anti-virus policy

    Posted 07-20-2011 02:41

    Hi

    Do you have anything configured under [security utm]? Under [security idp]?
    If not, then you are NOT blocking any viruses or network attacks.
    To do this, you either need to configure antivirus (to scan files) or
    IDP (to scan traffic at layer 7 for network attacks). Both require subscription
    and high-memory version of SRX.



  • 3.  RE: anti-virus policy

    Posted 07-20-2011 03:56

    To configure anti-virus that means UTM?

     

    Also when I log into my srx via the webgui:

     

    Configure>Security>UTM>Anti-Virus> I see the Anti-Virus profiles configuration table with two entires:

     

    junos-av-defaults: kaspersky-lab-engine: UP: scan all

     

    Is this doing anything?

     

    Thanks,

     

    Paul

     

     



  • 4.  RE: anti-virus policy
    Best Answer

    Posted 07-20-2011 04:17

    Antivirus is a part of UTM feature set.

     

    The profiles you see are just default profiles. They are not doing anything if not applied to the policy.

    See p. 13 of

    http://www.juniper.net/us/en/local/pdf/app-notes/3500153-en.pdf

    for a quick configuration example. You will need an antivirus license to download/update

    your virus signatures.



  • 5.  RE: anti-virus policy

    Posted 07-20-2011 06:26

    Thanks PK 🙂