SRX Services Gateway

UTM process

03-05-2012 08:44 AM

Hello,

I would like to be sure of the UTM process.

Imagine Web Filtering (SurfControl), Content Filtering and Kaspersky Full-based AV enabled.

What is the next action if the URL matches the URL whitelist of the Web Filtering part? Is traffic accepted and the other UTM features (CF & AV) bypassed? Or is WF bypassed, and the packet is now parsed in Content Filtering and, after that, Antivirus?

Regards,

----------------------------------------------------------
JNCIP-SEC, Juniper Champion Ingenious
3 REPLIES

Re: UTM process

03-05-2012 09:02 AM

The content filter module evaluates traffic before all other UTM modules except Web Filtering.

So in your case it would be as you said:

WF ---> CF ---> AV

AV will be applied after.

 

If URL is blocked / blacklisted or whatever, the TCP connection is closed and no antivirus scanning is performed as all

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]

Re: UTM process

03-05-2012 09:23 AM

Thanks for your reply.

Here, my question is more: what is the next action IF the packet is accepted by the URL whitelist of WF? Is traffic accepted and the other UTM features bypassed (only for this session)? OR is the packet accepted for WF and the next action is the CF process (and the AV process after)?

Regards,

----------------------------------------------------------
JNCIP-SEC, Juniper Champion Ingenious

Re: UTM process

03-05-2012 09:24 AM

Yes that is correct, after WF will come CF and then AV, in that order.  The other UTM features are not bypassed.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]