END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula.html.
To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/. If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.
A policy term is a named structure new terms. that defines match conditions and actions. Identifies guide names. Junos OS CLI User Guide Identifies RFC and Internet draft titles. RFC 1997, BGP Communities Attribute Italic text like this Represents variables (options for which Configure the machine’s domain name:...
We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods: Online feedback rating system—On any page of the Juniper Networks TechLibrary site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience.
Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/InfoCenter/
Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/...
The SRX Series are based on Junos OS, a full-featured networking operating system that is optimized to provide maximum performance and efficient network security. The SRX Series range from lower-end branch devices designed to secure small distributed enterprise locations to high-end devices designed to secure enterprise infrastructure, data centers, and server farms.
To install or update your license automatically, your device must be connected to the Internet.
user@srx210-host> request system license update
Trying to update license keys from https://ae1.juniper.net, use 'show system license' to check status.
Install the licenses manually on the device.
Violence { action block; Weapons { action block; Web_based_Email { action permit; default log-and-permit; custom-block-message "Juniper Web Filtering has been set to block this site."; fallback-settings { default log-and-permit; server-connectivity log-and-permit; timeout log-and-permit; too-many-requests log-and-permit; websense-redirect { profile junos-wf-websense-default { custom-block-message "Juniper Web Filtering has been set to block this site.";...
Enhanced_Malicious_Embedded_Link { action block; Enhanced_Malicious_Embedded_iFrame { action block; Enhanced_Suspicious_Embedded_Link { action block; default log-and-permit; custom-block-message "Juniper Web Filtering has been set to block this site."; fallback-settings { default log-and-permit; server-connectivity log-and-permit; timeout log-and-permit; too-many-requests log-and-permit; Related Understanding Unified Threat Management for Branch SRX Series on page 49...
Download and install the signature database—You must download and install the IDP signature database. The signature databases are available as a security package on the Juniper Networks website. This database includes attack objects and attack object groups that you can use in IDP policies to match traffic against known attacks.
DMZ zone against the IDP rulebases. As a first step, you must download and install the signature database from the Juniper Networks website. Next, download and install the predefined IDP policy templates and activate the predefined policy Recommended as the active policy.
[edit]
user@host# set system scripts commit file templates.xsl
Commit the configuration. The downloaded templates are saved to the Junos OS configuration database, and they are available in the CLI at the [edit security idp] hierarchy level.
Keep in mind the following points: Security policy order on an SRX Series device is important because Junos OS performs a policy lookup starting from the top of the list, and when the device finds a match for the traffic received, it stops policy lookup.
Chassis clustering provides network node redundancy by grouping a pair of the same kind of supported SRX Series into a cluster. The devices must be running Junos OS. To form a chassis cluster, a pair of the same kind of supported SRX Series are combined to act as a single system that enforces the same overall security.
(PKI), policies, resource manager, rules, screens, secure shell known hosts, trace options, user identification, Unified Threat Management (UTM), and zones. Statements that are exclusive to the SRX Series devices running Junos OS are described in this section. Each of the following topics lists the statements at a sub-hierarchy of the [edit security] hierarchy.
Sample Output
request system license update
user@host> request system license update
Request to automatically update license keys from https://ae1.juniper.net has been sent, use show system license to check status.
request system license update trial
user@host> request system license update trial
Request to automatically update trial license keys from https://ae1.juniper.net...
Command introduced in Junos OS Release 8.5. Support for filter and view options added in Junos OS Release 10.2. Application firewall, dynamic application, and logical system filters added in Junos OS Release 11.2. Policy ID filter added in Junos OS Release 12.3X48-D10.
Syntax show security idp active-policy Release Information Command introduced in Junos OS Release 9.2. Description Display information about the policy name and running detector version with which the policy is compiled from the IDP data plane module.
Release Information Command introduced in Junos OS Release 9.2. Multiple detector information introduced in Junos OS Release 10.1. Output changed to support IDP dedicated mode in Junos OS Release 11.2. Description Display the status of the current IDP policy.
<logical-system (logical-system-name | all)> <root-logical-system> Release Information Command introduced in Junos OS Release 9.2. Support for IPv6 logical systems added in Junos OS Release 12.1X45-D10. Description Display a summary of Network Address Translation (NAT) destination pool information.
<global> Release Information Command modified in Junos OS Release 9.2. Support for IPv6 addresses added in Junos OS Release 10.2. Support for IPv6 addresses in active/active chassis cluster configurations in addition to the existing support of active/passive chassis cluster configurations added in Junos OS Release 10.4.
Release Information Command introduced in Junos OS Release 9.5. Support for UTM in chassis cluster added in Junos OS Release 11.4. Description Display general UTM session information including all allocated sessions and active sessions. Also, display information from both nodes in a chassis cluster.
Release Information Command introduced in Junos OS Release 9.5. Support for UTM in chassis cluster added in Junos OS Release 11.4. Description Display whether the UTM service is running or not and status of both the nodes (with full chassis cluster support for UTM).
Getting Started Guide for Branch SRX Series show security zones Syntax show security zones <detail | terse> < zone-name > Release Information Command introduced in Junos OS Release 8.5. The Description output field added in Junos OS Release 12.1. Description Display information about security zones. Options none—Display information about all zones.
Syntax show system license <installed | keys | status | usage> Release Information Command introduced in Junos OS Release 9.5. Logical system status option added in Junos OS Release 11.2. Description Display licenses and information about how licenses are used.
Syntax show system services dhcp client < interface-name > <statistics> Release Information Command introduced in Junos OS Release 8.5. Description Display information about DHCP clients. Options none—Display DHCP information for all interfaces. interface-name —(Optional) Display DHCP information for the specified interface.