SRX Services Gateway

Telnet Access took some Time

‎05-11-2017 07:20 AM

Hey together,

I'm the new IT consultant for the Juniper SRX for our customers. I have now seen that the kaspersky-lab-engine plugin is implemented on an SRX.
I have noticed that when I telnet to the mail server while the plugin is implemented, it takes about 20 seconds until I get a response. When I delete the "application-services", I get an instant response in telnet.
Is it possible that this delay also affects the response to other mail servers? I just want to be sure that the config of the antivirus plugin is done correctly.

So the intent would be to scan every incoming mail for spam or virus patterns and block it if it is positive. But if it takes me up to 20 seconds to get a response, maybe there are some mail servers that will reject the connection.

Here is the configuration for the kaspersky-lab-engine:

utm {
        inactive: traceoptions {
            flag all;
        }
        application-proxy {
            inactive: traceoptions {
                flag all;
            }
        }
        feature-profile {
            anti-virus {
                type kaspersky-lab-engine;
                inactive: traceoptions {
                    flag all;
                }
                kaspersky-lab-engine {
                    pattern-update {
                        email-notify {
                            admin-email "koeppl@kolumbus-personal.de";
                            custom-message "Pattern UPDATE Done";
                            custom-message-subject "AV UPDATE COMPLETE";
                        }
                        url http://update.juniper-updates.net/AV/SRX110;
                        interval 120;
                    }
                }
            }
            anti-spam {
                inactive: traceoptions {
                    flag all;
                }
                sbl {
                    profile ANTI-SPAM-PROFILE {
                        sbl-default-server;
                        spam-action block;
                        custom-tag-string ***SPAM***;
                    }
                    profile junos-as-defaults {
                        sbl-default-server;
                        spam-action block;
                        custom-tag-string ****SPAM****;
                    }
                }
            }
        }
        utm-policy AV-SCAN-LAN-TO-WAN {
            anti-virus {
                http-profile junos-av-defaults;
                pop3-profile junos-av-defaults;
            }
        }
        utm-policy AV-AS-SCAN-MAIL-WAN-TO-LAN {
            anti-virus {
                smtp-profile junos-av-defaults;
            }
            anti-spam {
                smtp-profile junos-as-defaults;
            }
        }
        utm-policy AS-SCAN-MAIL {
            anti-spam {
                smtp-profile ANTI-SPAM-PROFILE;

 

from-zone INTERNET to-zone LAN {
            policy PERMIT-EXCHANGE-MAIL {
                match {
                    source-address any;
                    destination-address 192.168.100.6/32;
                    application junos-smtp;
                }
                then {
                    permit {
                        application-services {
                            utm-policy AV-AS-SCAN-MAIL-WAN-TO-LAN;
                        }
                    }
                    log {
                        session-init;
                        session-close;

Thanks for taking a look.
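
To put a number on the delay described in this post instead of timing a telnet session by hand, the following added example (not part of the original thread) separates TCP connect time from the wait for the SMTP `220` greeting. The local delayed-greeting server and the name `mail.example.test` are constructed stand-ins so the script runs offline.

```python
import socket
import threading
import time


def smtp_banner_latency(host, port=25, timeout=60.0):
    """Return (connect_seconds, greeting_wait_seconds, greeting_line)."""
    t0 = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        t_conn = time.monotonic()
        buf = b""
        try:
            # Wait for the first complete line: the SMTP greeting ("220 ...").
            while b"\n" not in buf:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass  # no greeting within `timeout`; the line stays empty
        t_greet = time.monotonic()
    line = buf.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return t_conn - t0, t_greet - t_conn, line


def start_delayed_smtp(delay):
    """Constructed local stand-in: accepts one client, greets after `delay` s."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay)
            conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def compare(delays=(0.0, 1.0)):
    return [smtp_banner_latency("127.0.0.1", start_delayed_smtp(d), 10.0)
            for d in delays]

if __name__ == "__main__":
    for connect_s, wait_s, line in compare():
        print(f"connect {connect_s:.3f}s, greeting after {wait_s:.2f}s: {line}")
```

Pointed at the mail server from an Internet-zone client, once with `application-services` in the policy and once without, the second value in each result is the greeting delay the post describes.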

3 REPLIES

Re: Telnet Access took some Time

‎05-12-2017 11:07 PM

Hi Matthias,

Thanks for posting your query here.

I have a few queries on which I need your input:

  1. First of all, by telnet to the mail server, do you mean that you are doing telnet on port 25?
  2. Is this telnet session from the SRX, or is it from a client in the Internet zone as per the security policy?
  3. What is the JUNOS version and SRX model you are using?
  4. Could you please provide me the below outputs when you test the traffic:
    1. show security utm anti-spam status
    2. show security utm anti-spam statistics
    3. show security utm anti-virus status
    4. show security utm anti-virus statistics

Thanks and Regards,

Pulkit Bhandari



Re: Telnet Access took some Time

‎05-19-2017 12:38 AM

Good Morning Pulkit,

 

1. Yep, I tried to test SMTP port 25 via telnet.

2. The telnet session is from a client in the Internet zone.

3. It is a Juniper SRX110_H2 with Junos 12.3X48-D45.6

4. 

root@SRX-KOLUMBUS-STR-001> show security utm anti-spam status
SBL Whitelist Server:
SBL Blacklist Server:
    msgsecurity.juniper.net

DNS Server:
    Primary  :   208.67.222.222, Src Interface: fe-0/0/0
    Secondary:   208.67.220.220, Src Interface: fe-0/0/1
    Ternary  :  217.237.148.102, Src Interface: fe-0/0/2
root@SRX-KOLUMBUS-STR-001> show security utm anti-virus status
 UTM anti-virus status:

    Anti-virus key expire date: 2018-10-20 02:00:00
    Update server: http://update.juniper-updates.net/AV/SRX110
           Interval: 120 minutes
           Pattern update status: next update in 95 minutes
           Last result: download index file failed
    Anti-virus signature version: 05/19/2017 04:45 GMT, virus records: 471958
    Anti-virus signature compiler version: N/A
    Scan engine type: kaspersky-lab-engine
    Scan engine information: last action result: No error(0x00000000)
root@SRX-KOLUMBUS-STR-001> show security utm anti-virus statistics
 UTM Anti Virus statistics:

 Intelligent-prescreening passed:      20757
 MIME-whitelist passed:                26638
 URL-whitelist passed:                 0
 Session abort:                        2

 Scan Mode:
     scan-all:                         81694
     Scan-extension:                   0
 Scan Request:

  Total           Clean         Threat-found    Fallback
  102451          102448              0               5
 Fallback:

                           Log-and-permit         Block
  Engine not ready:                0                      0
  Password file:                   0                      0
  Decompress layer:                1                      0
  Corrupt files:                   0                      0
  Out of resources:                0                      0
  Timeout:                         0                      0
  Maximum content size:            4                      0
  Too many requests:               0                      0
  Others:                          0                      0

I hope I answered all your questions; otherwise let me know :)

Thank you :)

Matthias

Edit: Sorry for the late answer, I was out of office for 1 week.


Re: Telnet Access took some Time

‎05-19-2017 12:23 PM

Hi Matthias,

Thanks for the update; everything looks to be fine from the outputs.

It might need deeper investigation, and hence I would suggest logging a case with JTAC on this issue.

Hope this helps. :)

Thanks and Regards,

Pulkit Bhandari