Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Content Security Overview

Content Security integrates multiple security functions to protect against various threats. With Content Security, you can easily deploy and manage diverse security features.

The Content Security solution includes the following security features:

  • Antispam—E-mail spam is comprised of intrusive messages often from commercial, nefarious, or deceitful sources. This feature scrutinizes incoming e-mails to pinpoint spam. If the system flags an e-mail as spam, it chooses to either delete it or mark the message's header or subject line with a predetermined label. This antispam mechanism employs the consistently refreshed Spamhaus Block List (SBL), which is curated and kept current by Sophos.

  • Full file-based antivirus—A virus is a piece of code that replicates by attaching to other executable files. While some viruses delete files or cause system crashes, others replicate and flood the host or network with false information. The comprehensive file-based antivirus feature conducts scanning of files within particular application layer traffic, comparing them to a database of virus signatures. This feature gathers incoming data packets until it has pieced together the initial application content, like an email attachment, for scanning.

  • Express antivirus—Express antivirus scanning is a lower CPU usage option compared to full antivirus, scanning application layer traffic using a signature database without reconstructing the original content. Data packets are streamed directly to a hardware-based scanning engine, speeding up the process at the expense of reduced security. Juniper Networks supplies the scanning engine.

  • Content filtering—Content filtering allows or restricts specific kinds of network traffic according to the MIME type, file extension, protocol command, and types of embedded objects.

  • Web filtering—Web filtering controls Internet usage by blocking access to unsuitable content. The available Web filtering options include:

    • Integrated Web filtering—Allows or prohibits Web access by categorizing URLs through user-defined categories or a category server. Websense supplies the SurfControl Content Portal Authority (CPA) server.

    • Redirect Web filtering—Captures HTTP requests and redirects the server URL to an external Web filtering server which decides whether to allow or deny web access. Websense supplies the Web filtering server.

Note:

The Junos CLI commands continue to use the UTM legacy term for Content Security.

You can configure and edit the Content Security settings. To access this page, select SRX > Security Subscriptions > Content Security > Content Security Settings.

Content Security Licensing

Every component within the Content Security framework needs a valid license, except for content filtering, which operates according to the settings that are specified in its profile. The reason behind this is Juniper Networks' use of continually refreshed third-party technology, ensuring that inspection capabilities remain current.

Content Security Components

Components of Content Security encompass custom objects, feature profiles, and Content Security profiles, all configurable on the SRX Series Firewalls. Feature profiles dictate the configuration of a feature before they are integrated into Content Security profiles, which are subsequently incorporated into firewall policies, as depicted in Figure 1.

Figure 1: Content Security Components Content Security Components

Content Security profiles do not possess a unique seven-tuple rulebase; rather, they effectively adopt the rules from the associated firewall rule. The Content Security function filters Web content which helps configure the content customization for individual users or groups.

  • Custom objects—SRX Series Firewalls have predefined feature profiles suitable for common scenarios. For particular needs such as Web filtering, antivirus filtering, and content filtering, you might have to create custom objects.

  • Feature profiles—Feature profiles define the operational characteristics of individual components. Multiple feature profiles can be configured and implemented through a variety of Content Security profiles with firewall regulations.

  • Content Security profiles—Content Security profiles serve as a logical container for separate feature profiles. They are designated for specific traffic streams, identified by the categorization of rules within the firewall's policy framework. Separate Content Security profiles can be assigned per firewall rule for tailored enforcement that is based on each specific rule. In essence, the firewall's rule base determines the matching conditions, while the Content Security profile dictates the consequent action.

  • Security policy—Predefined Content Security policies comprise preset feature profiles that can be implemented in the firewall policy rules. The predefined Content Security policies are:

    • default-utm-policy
    • sopohos-av-policy
    • je-wf-policy
    • sopohos-je-av-wf-policy