Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Example: Configure Flow-Based Antivirus Policy

Overview

AI-Predictive Threat Prevention leverages flow-based antivirus policy. In this example, you’ll learn how to configure flow-based antivirus policy on your SRX Series Firewall using the CLI. It assumes you understand configuring security zones and security policies. See Example: Creating Security Zones.

Requirements

Before you begin

  • Verify that you have a Juniper antivirus license. For more information about how to verify licenses on your device, see Understanding Licenses for SRX Series Devices. A sample license information is given below:

  • The Juniper content delivery network (CDN) server, https://signatures.juniper.net/phase, must be reachable from the SRX Series Firewall.

  • SRX Series Firewall with Junos OS Release 22.4R1 or later.

Topology

Figure 1: Flow-based antivirus Flow-based antivirus

Let’s take a look at a typical enterprise network. An end user unknowingly visits a compromised Website and downloads a malicious content. This action results in compromise of the endpoint. The harmful content on the endpoint also becomes a threat to other hosts within the network. It is important to prevent the download of the malicious content.

You can use an SRX Series Firewall with flow-based antivirus to protect users from virus attacks and to prevent spreading of viruses in your system. The flow-based antivirus scans network traffic for viruses, trojans, rootkits, and other types of malicious code and blocks the malicious content immediately when detected.

This example creates a flow-based antivirus policy that has the following properties:

  • Policy name is av-policy

  • Block any file if its returned verdict is greater than or equal to 7 and create a log entry.

  • When there is an error condition, allow files to be downloaded and create a log entry.

Configuration

Step-by-step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

  1. Create the antivirus policy and block any file if its returned verdict is greater than or equal to 7.

  2. By default, your firewall downloads the signatures from the CDN server every five minutes.

    You can manually update the virus signature database by specifying the URL of the database server.

  3. Configure the firewall policy and apply the antivirus policy.

  4. Commit the configuration.

Results

From configuration mode, confirm your configuration by entering the show services anti-virus policy av-policy and show configuration |display set commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

Check the results of the configuration:

Verification

To verify the configuration is working properly, use the following steps:

Obtaining Information About the Current Antivirus Statistics

Purpose

After some traffic has passed through your SRX Series Firewall, check the statistics to see how many sessions were permitted, blocked, and so on according to your profile and policy settings.

Action

From operational mode, enter the show services anti-virus statistics command.

Sample Output

show services anti-virus statistics

Meaning

Viruses are identified and blocked.

See Also