JNCIS-SEC [ Introduction to UTM ]
The JNCIS-SEC exam has recently added UTM to its topic list, which I think makes the exam more difficult. I will try to summarize what I get from the Junos Security Guide and present my configuration. Let's start with the first: Introduction to UTM.
Unified Threat Management (UTM) is used to describe the consolidation of several security features into one device. The security features provided are:
1) Antispam
2) Full File-Based Antivirus: It provides file scanning for viruses against a virus signature database. It first collects packets, then reconstructs the application content (e.g. an attachment) and scans the file. Kaspersky Lab provides the scanning engine.
3) Express Antivirus: It is a less CPU-intensive operation, though it also scans files against a signature database. Unlike full antivirus, it streams received data packets to the scan engine. Virus scanning is handled by a hardware pattern matching engine and Juniper provides the scan engine.
4) Content Filtering: Blocking certain types of traffic based on MIME type, embedded objects etc.
5) Web filtering: Preventing access to inappropriate content. Three types of filtering are available:
a) Integrated web filtering
b) Redirect web filtering
c) Juniper Local Web Filtering
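Added example (not from the original post and not Juniper or Kaspersky code): a Python illustration of the difference between items 2 and 3, collecting and reconstructing the content before scanning versus streaming packets to the scan engine. The signature is a constructed harmless marker, plain substring matching stands in for the real engines, and all names are hypothetical.

```python
# Added illustration, not vendor code. The signature is a constructed,
# harmless marker; substring search stands in for a real scan engine.
SIGNATURES = {"demo-test-marker": b"UTM-DEMO-SIGNATURE"}
MAX_SIG = max(len(sig) for sig in SIGNATURES.values())


def full_file_scan(packets):
    """Full file-based style: collect all packets, rebuild the content, scan once."""
    content = b"".join(packets)              # whole object is buffered first
    hits = {name for name, sig in SIGNATURES.items() if sig in content}
    return hits, len(content)                # (matches, bytes buffered)


class StreamScanner:
    """Express style: scan packets as they arrive, keeping only a short tail."""

    def __init__(self):
        self.tail = b""                      # last MAX_SIG - 1 bytes already seen
        self.hits = set()
        self.peak_buffer = 0                 # largest window ever held in memory

    def feed(self, packet):
        window = self.tail + packet          # tail lets a split signature match
        self.peak_buffer = max(self.peak_buffer, len(window))
        self.hits |= {n for n, s in SIGNATURES.items() if s in window}
        keep = MAX_SIG - 1
        self.tail = window[-keep:] if keep else b""
        return self.hits


def naive_per_packet_scan(packets):
    """Scans each packet in isolation: misses a signature split across packets."""
    return {n for n, s in SIGNATURES.items() for p in packets if s in p}


def sample_packets(size=1000):
    """Constructed traffic: the marker starts at offset 2995, straddling a boundary."""
    payload = b"A" * 2995 + SIGNATURES["demo-test-marker"] + b"B" * 3000
    return [payload[i:i + size] for i in range(0, len(payload), size)]


if __name__ == "__main__":
    pkts = sample_packets()
    stream = StreamScanner()
    for pkt in pkts:
        stream.feed(pkt)
    print("full file :", full_file_scan(pkts))
    print("streaming :", stream.hits, "peak buffer", stream.peak_buffer)
    print("per packet:", naive_per_packet_scan(pkts))
```

Both approaches find the marker, but the full scan buffers the entire object while the streaming scanner holds about one packet at a time; scanning packets in isolation with no carried state misses the split marker.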
TIP: UTM requires 1GB memory, so you can’t use it on SRX devices such as the SRX-240B. B stands for BASE and it has 512M memory. You must have something like the SRX-240H. H stands for HIGH and it has 1GB memory.
License management is done via the following operational command;
Hello!
Do you have any experience of how to set up a group of users for web filtering based on their RADIUS authentication?
Thanks in front! You have a really nice blog!