Monday 24 March 2014

Junos software release 12.3R6

Junos software release 12.3R6 has been released. The software and documentation are available for download from the Juniper Networks software download page.

Product Affected:

All Juniper Networks platforms running Junos Operating System software

Saturday 15 March 2014

Junos: Verifying Antivirus Configurations

General Scan Engine Status

Using the CLI, you can view the following scan engine status items:
Antivirus license key status
  • View license expiration dates.
Scan engine status and settings
  • View last action result.
  • View default file extension list.
Antivirus pattern update server settings
  • View update URL (HTTP or HTTPS-based).
  • View update interval.
Antivirus pattern database status
  • View auto update status.
  • View last result of database loading.
  • If the download completes, view the database version timestamp and virus record number.
  • If the download fails, view failure reason.
Example status result:
CLI: show security utm anti-virus status
AV Key Expire Date: 03/01/2010 00:00:00
Update Server: http://update.juniper-updates.net/AV/SRX210
interval: 60 minutes
auto update status: next update in 12 minutes
last result: new database loaded
AV signature version: 12/21/2008 00:35 GMT, virus records: 154018
Scan Engine Info: last action result: No error(0x00000000)
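The status fields above can be checked automatically. The following is an added example, not code from the original post or from Juniper: it parses the sample output shown on this page and flags an expired license key, an update URL that is not HTTPS, stale signatures, and a non-zero scan engine result code. The MM/DD/YYYY date reading, the 7-day staleness threshold, and the function names are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Sample output copied from the example on this page.
SAMPLE = """\
AV Key Expire Date: 03/01/2010 00:00:00
Update Server: http://update.juniper-updates.net/AV/SRX210
interval: 60 minutes
auto update status: next update in 12 minutes
last result: new database loaded
AV signature version: 12/21/2008 00:35 GMT, virus records: 154018
Scan Engine Info: last action result: No error(0x00000000)
"""
REQUIRED = ("AV Key Expire Date", "Update Server",
            "AV signature version", "Scan Engine Info")

def parse_status(text):
    """Split each line on the first ': ' so URLs and nested labels survive."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(text, now, max_sig_age_days=7):
    """Return a list of findings; 'now' is a naive datetime in GMT."""
    f = parse_status(text)
    findings = ["missing:" + k for k in REQUIRED if k not in f]
    if findings:                      # fail closed on unexpected output
        return findings
    # Assumption: dates are MM/DD/YYYY, as the 12/21/2008 value implies.
    expiry = datetime.strptime(f["AV Key Expire Date"], "%m/%d/%Y %H:%M:%S")
    if expiry <= now:
        findings.append("license-expired")
    if not f["Update Server"].lower().startswith("https://"):
        findings.append("update-url-not-https")
    sig = re.match(r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}) GMT", f["AV signature version"])
    if sig is None:
        findings.append("signature-version-unparsed")
    elif now - datetime.strptime(sig.group(1), "%m/%d/%Y %H:%M") > timedelta(days=max_sig_age_days):
        findings.append("signatures-stale")
    code = re.search(r"\((0x[0-9a-fA-F]+)\)", f["Scan Engine Info"])
    if code is None or int(code.group(1), 16) != 0:
        findings.append("scan-engine-error")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2014, 3, 15)))
```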

Session Status

Using the CLI, you can view the following session status items:
Antivirus session status displays a snapshot of current antivirus sessions. It includes:
  • Maximum supported antivirus session numbers.
  • Total allocated antivirus session numbers.
  • Total freed antivirus session numbers.
  • Current active antivirus session numbers.
CLI: show security utm session

Verifying Antivirus Scan Results Using J-Web

View antivirus scan results using J-Web as follows:
  1. Select Monitor>UTM>Anti-Virus.
    The following information becomes viewable in the right pane.
    Antivirus license key status
    • View license expiration dates.
    Antivirus pattern update server settings
    • View update URL (HTTP or HTTPS-based).
    • View update interval.
    Antivirus pattern database status
    • View auto update status.
    • View last result of database loading.
    • If the download completes, view the database version timestamp and virus record number.
    • If the download fails, view failure reason.
    Antivirus statistics provide
    • The number of scan requests being pre-windowed.
    • The total number of scan requests forwarded to the engine.
    • The number of scan requests using scan-all mode.
    • The number of scan requests using scan-by-extension mode.
    Scan code counters provide
    • Number of clean files.
    • Number of infected files.
    • Number of password protected files.
    • Number of decompress layers.
    • Number of corrupt files.
    • When the engine is out of resources.
    • When there is an internal error.
    Fallback applied status provides either a log-and-permit or block result when the following has occurred
    • Scan engine not ready.
    • Password protected file found.
    • Decompress layer too large.
    • Corrupt file found.
    • Out of resources.
    • Timeout occurred.
    • Maximum content size reached.
    • Too many requests.
    • Other.
  2. You can click the Clear Anti-Virus Statistics button to clear all current viewable statistics and begin collecting new statistics.

Verifying Antivirus Scan Results Using the CLI

Using the CLI, you can view statistics for antivirus requests, scan results, and fallback counters.
Scan requests provide
  • The total number of scan requests forwarded to the engine.
  • The number of scan requests being pre-windowed.
  • The number of scan requests using scan-all mode.
  • The number of scan requests using scan-by-extension mode.
Scan code counters provide
  • Number of clean files.
  • Number of infected files.
  • Number of password protected files.
  • Number of decompress layers.
  • Number of corrupt files.
  • When the engine is out of resources.
  • When there is an internal error.
Fallback applied status provides either a log-and-permit or block result when the following has occurred
  • Scan engine not ready.
  • Maximum content size reached.
  • Too many requests.
  • Password protected file found.
  • Decompress layer too large.
  • Corrupt file found.
  • Timeout occurred.
  • Out of resources.
  • Other.
CLI: show security utm anti-virus statistics

Tuesday 4 March 2014

JUNOS: New Features - ALG Overview

An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols such as Session Initiation Protocol (SIP) or FTP on Juniper Networks devices running JUNOS Software. The ALG module is responsible for application-layer-aware packet processing.
ALG functionality can be triggered by either a service or an application configured in the security policy:
  • A service is an object that identifies an application protocol using Layer 4 information (such as standard and accepted TCP and UDP port numbers) for an application service (such as Telnet, FTP, SMTP, and HTTP).
  • An application specifies the Layer 7 application that maps to a Layer 4 service.
A predefined service already has a mapping to a Layer 7 application. However, for custom services, you must link the service to an application explicitly, especially if you want the policy to apply an ALG.
ALGs for packets destined to well-known ports are triggered by service type. The ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass securely through the device:
  1. When a packet arrives at the device, the flow module forwards the packet according to the security rule set in the policy.
  2. If a policy is found to permit the packet, the associated service type or application type is assigned and a session is created for this type of traffic.
  3. If a session is found for the packet, no policy rule match is needed. The ALG module is triggered if that particular service or application type requires the supported ALG processing.
The ALG also inspects the packet for embedded IP address and port information in the packet payload, and performs Network Address Translation (NAT) processing if necessary. The ALG also opens a gate for the IP address and port number to permit data exchange for the session. The control session and data session can be coupled to have the same timeout value, or they can be independent.
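To make the payload inspection, NAT rewrite and gate concrete, here is an added illustration using the FTP PORT command; it is not Junos code and not from the original post. The function name, the returned gate structure, the address-match check, and the sample addresses are assumptions of this example.

```python
import re

# FTP active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# session; the data port is p1*256 + p2.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3})\r\n$")

def alg_process_port(payload, session_src_ip, nat_ip=None, nat_port=None):
    """Inspect one control-session payload.

    Returns (payload_to_forward, gate). gate["inside"] is the client endpoint
    embedded in the payload; gate["outside"] is the endpoint the server will
    see and connect to (identical when no NAT applies).
    """
    m = PORT_RE.match(payload)
    if m is None:
        raise ValueError("not a well-formed PORT command")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Example policy: only open a gate toward the client that owns the
    # control session, never toward a third address named in the payload.
    if ip != session_src_ip:
        raise ValueError("embedded address does not match session source")
    outside = (ip, port)
    if nat_ip is not None:
        ext_port = port if nat_port is None else nat_port
        outside = (nat_ip, ext_port)
        # Rewrite the embedded address so the server sees the translated one.
        payload = ("PORT %s,%d,%d\r\n" % (nat_ip.replace(".", ","),
                                          ext_port >> 8, ext_port & 0xFF)).encode("ascii")
    return payload, {"inside": (ip, port), "outside": outside}

if __name__ == "__main__":
    # Constructed sample: private client behind NAT address 203.0.113.5.
    print(alg_process_port(b"PORT 192,168,1,10,195,80\r\n", "192.168.1.10",
                           nat_ip="203.0.113.5", nat_port=40000))
```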