Configure the SMTP Emails Policy on the SRX Series Firewall

Unlike file scanning policies, where you define an action permit or action block statement, with SMTP email management the action to take is defined in the Configure > Emails > SMTP window. All other actions are defined with CLI commands as before.

Shown below is an example policy with email attachments addressed in profile profile2.

In the above example, the email profile (profile2) looks like this:

The firewall policy is similar to before. The AAMW policy is placed in the trust to untrust zone. See the example below.

Shown below is another example, using the show services advanced-anti-malware policy CLI command. In this example, emails are quarantined if their attachments are found to contain malware. A verdict score of 8 and above indicates malware.

Optionally, you can configure forward and reverse proxy for server and client protection, respectively. For example, if you are using SMTPS, you may want to configure reverse proxy. For more information on configuring reverse proxy, see Configure Reverse Proxy on the SRX Series Firewall.

Use the show services advanced-anti-malware statistics CLI command to view statistical information about email management.

As before, use the clear services advanced-anti-malware statistics CLI command to clear the above statistics when you are troubleshooting.

For debugging purposes, you can also set SMTP trace options.

Before configuring the SMTP threat prevention policy, make sure you have done the following:

  • Define the action to take (quarantine or deliver malicious messages) and the end-user email notification in the Configure > Emails > SMTP window.

  • (Optional) Create a profile in the Configure > Device Profiles window to indicate which email attachment types to scan. Or, you can use the default profile.

The following steps show the minimum configuration. To configure the threat prevention policy for SMTP using the CLI:

  1. Create the Juniper ATP Cloud policy.
    • In this example, the policy name is smtppolicy1.

    • Associate the policy with the SMTP profile. In this example, it is the default_profile profile.

    • Configure your global threshold. If a verdict comes back equal to or higher than this threshold, then it is considered to be malware. In this example, the global threshold is set to 7.

    • Apply the SMTP protocol and turn on notification.

    • If the attachment has a verdict less than 7, create log entries.

    • When there is an error condition, send the email to the recipient and create a log entry.

  2. Configure the firewall policy to enable the advanced anti-malware application service.
  3. In this example, we will configure the reverse proxy.

    For reverse proxy:

    • Load the CA certificate.

    • Load the server certificates and their keys into the SRX Series Firewall certificate repository.

    • Attach the server certificate identifier to the SSL proxy profile.
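
The following configuration-mode statements are an added example covering steps 1 and 2 above; they are not taken from the original page. The policy name smtppolicy1, the default_profile profile, the threshold of 7, and the trust and untrust zones come from the text, while the firewall policy name aamw-smtp-example and its match criteria are assumptions chosen for illustration.

```junos
# Step 1: create the Juniper ATP Cloud policy (name taken from the text).
set services advanced-anti-malware policy smtppolicy1

# Associate the policy with the SMTP inspection profile.
set services advanced-anti-malware policy smtppolicy1 smtp inspection-profile default_profile

# Global threshold: a verdict equal to or higher than 7 is treated as malware.
set services advanced-anti-malware policy smtppolicy1 verdict-threshold 7

# Apply the SMTP protocol and turn on notification.
set services advanced-anti-malware policy smtppolicy1 smtp notification log

# Attachments with a verdict below the threshold: create log entries.
set services advanced-anti-malware policy smtppolicy1 default-notification log

# Error condition: deliver the email to the recipient and create a log entry.
set services advanced-anti-malware policy smtppolicy1 fallback-options action permit
set services advanced-anti-malware policy smtppolicy1 fallback-options notification log

# Step 2: enable the advanced anti-malware application service in the
# trust to untrust firewall policy.
# Assumed for illustration: the policy name aamw-smtp-example and the
# match criteria (any source, any destination, predefined junos-smtp).
set security policies from-zone trust to-zone untrust policy aamw-smtp-example match source-address any
set security policies from-zone trust to-zone untrust policy aamw-smtp-example match destination-address any
set security policies from-zone trust to-zone untrust policy aamw-smtp-example match application junos-smtp
set security policies from-zone trust to-zone untrust policy aamw-smtp-example then permit application-services advanced-anti-malware-policy smtppolicy1
```

The fallback statements make the policy fail open: when a verdict cannot be obtained, the message is delivered unscanned, so the fallback log entries are worth monitoring. After committing, the show services advanced-anti-malware policy command mentioned earlier displays the resulting policy.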