Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Mist AI SD-WAN Juniper Mist WAN Assurance Configuration Guide WAN Configuration for SRX Series Firewalls

Juniper Mist WAN Assurance Configuration Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Mist WAN Assurance Configuration Guide
Table of Contents Expand all
list Table of Contents

Monitor the Service Status of SRX Series Firewalls

date_range 28-Jan-25
arrow_backward
arrow_forward

You can monitor the service status of the following features on your Juniper Networks® SRX Series Firewall in the Juniper Mist™ cloud portal:

  • Enhanced Web Filtering (EWF)

  • IDP

  • Application Security

You need a valid license for your SRX Series Firewall to use the feature. For more details about license requirements and installation, see Juniper Licensing User Guide.

On the SRX Series Firewall, use the show system license command to display the license name with expiry date.

content_copy zoom_out_map
user@host> show system license 
License usage: 
                                    Licenses      Licenses      Licenses      Expiry
   Feature name                         used     installed        needed 
   anti_spam_key_sbl                       0             1             0      2022-04-28 00:00:00 UTC
   idp-sig                                 0             1             0      2022-04-28 00:00:00 UTC
   dynamic-vpn                             0             2             0      permanent
   av_key_sophos_engine                    0             1             0      2022-04-28 00:00:00 UTC
   logical-system                          1             3             0      permanent
   wf_key_websense_ewf                     0             1             0      2022-04-28 00:00:00 UTC
   remote-access-ipsec-vpn-client          0             2             0      permanent

Licenses installed: 
   License identifier: DemoLabJUNOS386107562
   License version: 4
   Valid for device: CV4720AF0436
   Customer ID: Juniper Internal
   Features:
      av_key_sophos_engine - Anti Virus with Sophos Engine
         date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC
      anti_spam_key_sbl - Anti-Spam 
         date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC
      idp-sig - IDP Signature 
         date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC
      wf_key_websense_ewf - Web Filtering EWF
         date-based, 2021-04-27 00:00:00 UTC - 2022-04-28 00:00:00 UTC

Check EWF Status

To check Enhanced Web Filtering (EWF) configuration status:

  1. Confirm if EWF is enabled on your SRX Series Firewall in CLI operational mode:
    content_copy zoom_out_map
    user@host> show security utm web-filtering status 
UTM web-filtering status:    Server status: no-config
root@00c52c4c3204>

    The Server status: no-config indicates that the EWF is not configured.

  2. Configure EWF on your SRX Series Firewall using the CLI at the [edit] hierarchy level. Use configuration mode and commit the configuration.
    Note:

    We've captured the following configuration from a lab environment and provided it for reference purposes only. Your own configuration may vary based on the specific requirements of your environment.

    content_copy zoom_out_map
    [edit]
set system syslog file utm-log any any
set system syslog file utm-log match RT_UTM
set security utm custom-objects url-pattern blacklist value https://*.poki.com
set security utm custom-objects custom-url-category restricted value blacklist
set security utm default-configuration anti-virus type sophos-engine
set security utm default-configuration anti-virus scan-options uri-check
set security utm default-configuration anti-virus scan-options timeout 30
set security utm default-configuration anti-virus sophos-engine sxl-timeout 5
set security utm default-configuration web-filtering url-blacklist restricted
set security utm default-configuration web-filtering type juniper-enhanced
set security utm default-configuration web-filtering juniper-enhanced server host rp.cloud.threatseeker.com
set security utm default-configuration web-filtering juniper-enhanced server port 80
set security utm default-configuration web-filtering juniper-enhanced default permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Games action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Gambling action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Abused_Drugs action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Adult_Content action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Adult_Material action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Advanced_Malware_Command_and_Control action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Advanced_Malware_Payloads action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Bot_Networks action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Compromised_Websites action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Drugs action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Emerging_Exploits action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Files_Containing_Passwords action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Hacking action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Illegal_or_Questionable action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Keyloggers action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Malicious_Embedded_Link action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Malicious_Embedded_iFrame action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Malicious_Web_Sites action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Militancy_and_Extremist action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Mobile_Malware action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Network_Errors action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Newly_Registered_Websites action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Pay_to_Surf action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Phishing_and_Other_Frauds action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Potentially_Damaging_Content action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Potentially_Exploited_Documents action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Potentially_Unwanted_Software action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Racism_and_Hate action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Spyware action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Suspicious_Content action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Suspicious_Embedded_Link action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Unauthorized_Mobile_Marketplaces action block
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Alcohol_and_Tobacco action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Application_and_Software_Download action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Bandwidth action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Computer_Security action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Custom_Encrypted_Payloads action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Elevated_Exposure action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Entertainment action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Entertainment_Video action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_File_Download_Servers action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Freeware_and_Software_Download action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Instant_Messaging action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Internet_Auctions action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Internet_Radio_and_TV action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Intolerance action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Lingerie_and_Swimsuit action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Marijuana action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Media_File_Download action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Message_Boards_and_Forums action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Non_Traditional_Religions action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Non_Traditional_Religions_and_Occult_and_Folklore action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Nudity action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Parked_Domain action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Peer_to_Peer_File_Sharing action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Personals_and_Dating action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Prescribed_Medications action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Private_IP_Addresses action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Pro_Choice action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Pro_Life action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Proxy_Avoidance action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Sex action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Sex_Education action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Social_Networking_and_Personal_Sites action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Surveillance action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Tasteless action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Violence action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile wf-home category Enhanced_Web_and_Email_Spam action log-and-permit
set security utm utm-policy custom-utm-policy anti-virus http-profile junos-av-defaults
set security utm utm-policy custom-utm-policy web-filtering http-profile wf-home

  3. Check the status in CLI operational mode.

    content_copy zoom_out_map
    user@host> show security utm web-filtering status 
UTM web-filtering status: 
Server status: Juniper Enhanced using Websense server UP

    Now, the status changes to Server status: Juniper Enhanced using Websense server UP. This status indicates that the EWF service is enabled on your device.

  4. You can check the status in the Juniper Mist cloud portal as shown in Figure 1.

Check IDP Status

Before configuring Intrusion Detection and Prevention (IDP) you need to download and install the IDP security package using the following steps:

This example uses the IDP templates which you download and install as follows: .

  1. Download IDP template using the instructions in request security idp security-package download policy-templates command.
  2. Install the templates using the instructions in request security idp security-package install policy-templates command.
  3. Activate the template commit script
    content_copy zoom_out_map
    [edit]
user@host-1# set system scripts commit file templates.xsl

    The downloaded templates are saved to the Junos OS configuration database, and they are available in the CLI at the [edit security idp idp-policy] hierarchy level.

  4. Activate the predefined policy as the active policy. In this example, you use Recommended policy as active policy.

    content_copy zoom_out_map
    [edit]

user@host-1# set security idp default-policy Recommended
user@host-1# set security idp active-policy Recommended
    For a list of predefined IDP policy templates, see Predefined IDP Policy Templates.
  5. Enable the IDP policy in your configuration. Following snippet shows a configuration example.
    content_copy zoom_out_map
    set security idp idp-policy idpengine rulebase-ips rule 1 match from-zone any
set security idp idp-policy idpengine rulebase-ips rule 1 match source-address any 
set security idp idp-policy idpengine rulebase-ips rule 1 match to-zone any 
set security idp idp-policy idpengine rulebase-ips rule 1 match destination-address any 
set security idp idp-policy idpengine rulebase-ips rule 1 match application junos-echo 
set security idp idp-policy idpengine rulebase-ips rule 1 match attacks predefined-attack-groups Critical
    Example:
  6. Use the following commands in operational mode to check for the IDP policy status:
    • Recommended IDP policy: show security idp policies:
    • Policy name: show security idp policies
    • IDP status: show security idp status
    • Check the IDP status in Juniper Mist Cloud portal as shown in Figure 1 .

Configure Application Security

On your SRX Series Firewall, Application Security is enabled by default if you have a valid license. The OC-team ensures that all devices have the most up to date application signature version. If you want to change the version or install a custom version, see Predefined Application Signatures for Application Identification.

View Security Service Status in the Juniper Mist Cloud Portal

In the Juniper Mist cloud portal, you can view the status of security services under SECURITY SERVICES panel. Table 1 provides the details of the status.

Table 1: Security Services Status Display
Security Services Display Status Meaning
EWF Enabled Connection to the Websense server is up.
Disabled EWF is not configured on your device.
Down Connection to the Websense server is down.
IDP Enabled IDP is configured and the IDP policy is applied.
Disabled IDP is not configured. In this case, the IDP policy name is displayed blank.
Application Security Enabled Application security is enabled. The application signature version is displayed.
Disabled Application security is not enabled. The application signature version is displayed as zero.

Figure 1 shows security services status in Juniper Mist cloud portal.

Figure 1: Security Services Status Security Services Status
Note:

You can get details such as the presence or absence of a valid license and the status of the security services.

content_copy zoom_out_map
"service_status": {
      "idp_status": "disabled", // either "enabled" or "disabled"
      "idp_policy": "", // if the above is disabled this will be empty
      "appid_status": "disabled", // either "enabled" or "disabled"
      "ewf_status": "disabled", // either "enabled" (websense up), "disabled" (no config) or "down" (websense down)
      "appid_version": 0 // this will be 0 if appid_status is disabled, as we then don't check the version number
   },

Related Documentation

arrow_backward PREVIOUS Enable Application Visibility on SRX Series Firewalls
NEXT arrow_forward Upgrade a WAN Edge SRX Series Firewalls
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
Monitor the Service Status of SRX Series Firewalls
keyboard_arrow_right
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top

keyboard_arrow_down
file_download
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
language