SRX UTM Sophos Antivirus

In the previous post, I wrote about UTM web filtering. This post provides a basic configuration example of Sophos Antivirus. Below is the simple topology we will use in this lab.


As with the web filtering configuration, we must configure a feature profile for antivirus and a profile under sophos-engine. Again, don’t forget the “type sophos-engine” command; without it you don’t tell Junos which engine (e.g. Sophos or Kaspersky) you want to use.

In the scan-options we also instruct the Sophos engine not to scan content larger than 15M; I believe the other options are self-explanatory.

After configuring the feature profile, we must assign it under a UTM policy.

Now we must apply this UTM policy in our security policy.
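The whole chain described above (engine type, Sophos profile, UTM policy, security policy) in Junos set format, as an added example that is not the configuration from the original post. The names AV-SOPHOS, UTM-AV and internet-access, the trust/untrust zones, the name-server address and the fallback actions are assumptions.

```junos
# Added example: names, zones, the DNS address and fallback actions are assumptions.
# A resolver is needed before the engine can become ready (192.0.2.53 is a placeholder).
set system name-server 192.0.2.53

# Select the engine. Without this line the anti-virus status looks unconfigured.
set security utm feature-profile anti-virus type sophos-engine

# Sophos profile: do not scan content above 15 MB (the value is given in KB).
set security utm feature-profile anti-virus sophos-engine profile AV-SOPHOS scan-options content-size-limit 15000

# Decide what happens to traffic the engine does not scan.
set security utm feature-profile anti-virus sophos-engine profile AV-SOPHOS fallback-options content-size block
set security utm feature-profile anti-virus sophos-engine profile AV-SOPHOS fallback-options engine-not-ready block
set security utm feature-profile anti-virus sophos-engine profile AV-SOPHOS fallback-options default log-and-permit

# Message shown to the user when a virus is detected.
set security utm feature-profile anti-virus sophos-engine profile AV-SOPHOS notification-options virus-detection type message
set security utm feature-profile anti-virus sophos-engine profile AV-SOPHOS notification-options virus-detection custom-message "Juniper Sophos has detected a virus"

# Bind the feature profile to a UTM policy (HTTP traffic only in this example).
set security utm utm-policy UTM-AV anti-virus http-profile AV-SOPHOS

# Reference the UTM policy from the security policy that permits the traffic.
set security policies from-zone trust to-zone untrust policy internet-access match source-address any
set security policies from-zone trust to-zone untrust policy internet-access match destination-address any
set security policies from-zone trust to-zone untrust policy internet-access match application any
set security policies from-zone trust to-zone untrust policy internet-access then permit application-services utm-policy UTM-AV

# After commit, check from operational mode:
#   show security utm anti-virus status
#   show security utm anti-virus statistics
```

With `engine-not-ready block`, HTTP traffic matching the policy is blocked during the short window after commit while the signature is still loading; `log-and-permit` trades that for unscanned traffic.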

I then committed and immediately checked the Sophos status twice.

As you can see, at first the antivirus signature isn’t loaded, but a short time later the engine becomes ready. Make sure your SRX has a name-server configured for this to work.

Now I would like to emphasize the “type sophos-engine” option. If you don’t set it, you will get output like the one below, as if you hadn’t configured anything. So don’t forget it.

To try the antivirus, I downloaded the EICAR sample and got the message “Juniper Sophos has detected a virus” as configured. The statistics also show that a virus has been found.
