Juniper SRX Series. A Comprehensive Guide to Security Services on the SRX Series - Helion
ISBN: 978-14-493-3904-3
Pages: 1020, Format: ebook
Publication date: 2013-06-07
Bookstore: Helion
This complete field guide, authorized by Juniper Networks, is the perfect hands-on reference for deploying, configuring, and operating Juniper’s SRX Series networking device. Authors Brad Woodberg and Rob Cameron provide field-tested best practices for getting the most out of SRX deployments, based on their extensive field experience.
While their earlier book, Junos Security, covered the SRX platform, this book focuses on the SRX Series devices themselves. You'll learn how to use SRX gateways to address an array of network requirements—including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Along with case studies and troubleshooting tips, each chapter provides study questions and lots of useful illustrations.
- Explore SRX components, platforms, and various deployment scenarios
- Learn best practices for configuring SRX’s core networking features
- Leverage SRX system services to attain the best operational state
- Deploy SRX in transparent mode to act as a Layer 2 bridge
- Configure, troubleshoot, and deploy SRX in a highly available manner
- Design and configure an effective security policy in your network
- Implement and configure network address translation (NAT) types
- Provide security against deep threats with AppSecure, intrusion protection services, and unified threat management tools
Table of contents
- Juniper SRX Series
- Foreword
- Preface
- How to Use This Book
- What's in This Book?
- Conventions Used in This Book
- Using Code Examples
- Safari Books Online
- How to Contact Us
- Acknowledgments
- 1. Welcome to the SRX
- Evolving into the SRX
- ScreenOS to Junos
- Inherited ScreenOS features
- Device management
- The SRX Series Platform
- Built for Services
- Deployment Solutions
- Small Branch
- Medium Branch
- Large Branch
- Data Center
- Data Center Edge
- Data Center Services Tier
- Service Provider
- Mobile Carriers
- Cloud Networks
- The Junos Enterprise Services Reference Network
- Summary
- Study Questions
- 2. SRX Series Product Lines
- Branch SRX Series
- Branch-Specific Features
- SRX100 Series
- SRX200 Series
- Interface modules for the SRX200 line
- SRX500 Series
- SRX600 Series
- Interface modules for the SRX600 line
- JunosV Firefly (Virtual Junos)
- AX411
- CX111
- Branch SRX Series Hardware Overview
- Licensing
- Branch Summary
- Data Center SRX Series
- Data Center SRX-Specific Features
- SPC
- NPU
- Data Center SRX Series Session Setup
- Data Center SRX Series Hardware Overview
- SRX1000 Series
- SRX3000 Series
- IOC modules
- SRX5000 Series
- NG-SPC
- IOC modules
- Summary
- Study Questions
- 3. SRX GUI Management
- J-Web: Your On-Box Assistant
- Dashboard
- Chassis view
- Informational panels
- Device Configuration
- Task wizards
- Committing the configuration
- Interfaces
- Firewall policies
- Point and click CLI
- Monitoring Your SRX
- Interface monitoring
- Traffic reports
- Operational Tasks
- Software management
- Configuration management
- Rebooting
- Disk management
- Troubleshooting from J-Web
- Packet capture
- Network connectivity
- Centralized Management
- Space: The Final Frontier of Management
- The Junos Space ecosphere
- Security Director
- Firewall policy management
- Log Management with STRM
- Reporting with STRM
- Legacy Security Management
- Using NSM
- Summary
- Study Questions
- 4. SRX Networking Basics
- Interfaces
- Physical Interfaces
- Management Interfaces
- Virtual Interfaces
- Logical Interfaces
- Switching Configuration
- Aggregate Interfaces
- LACP protocol
- Transparent Interfaces
- Zones
- Security Zones
- Functional Zones
- Basic Protocols
- Static Routing
- Dynamic Routing Protocols
- Spanning Tree
- Routing Instances
- Routing Instance Types
- Configuring Routing Instances
- Flow Mode and Packet Mode
- Sample Deployment
- Summary
- Study Questions
- 5. System Services
- System Services Operation on the SRX
- System Services and the Control Plane
- System services that operate on the control plane
- System Services and the Data Plane
- Accounts for Administrative Users
- Configuring local users
- Creating a login class
- Remote authentication
- Accessing System Services: Control Plane Versus Data Plane
- Configuring a stateless firewall filter to control traffic on fxp0
- Configuring a stateless firewall filter to control all inbound management traffic
- Configuring a security policy to control data plane management traffic
- Zone-Based Service Control
- Configuring system services and protocols per zone or interface
- Management Services
- Command-Line Interfaces
- Configuring console options
- Configuring Telnet access
- Configuring SSH access
- Web Management on the SRX
- Enabling NetConf over SSH
- SNMP Management
- Configuring SNMP Management
- Configuring SNMP Traps
- SNMP in High Availability Chassis Clusters
- Junos SNMP MIB
- Networking Services
- Network Time Protocol
- Manually configuring SRX time
- Configuring the SRX as an NTP client
- Configuring the SRX as an NTP server
- Domain Name System
- Configuring the SRX as a DNS client
- Configuring the SRX as a proxy server
- Dynamic Host Configuration Protocol
- Configuring the SRX as a DHCP server
- Configuring the SRX as a DHCP client
- Configuring the SRX as a DHCP relay server
- SRX Logging and Flow Records
- Control Plane Versus Data Plane Logs
- Data plane logs: Event versus Stream mode
- Configuring control plane logging on the SRX
- Configuring Stream mode logging on the data plane
- Syslog format types
- Configuring Event mode logging to the control plane
- Tips for Viewing Syslog Messages
- JFlow on the SRX
- Best Practices
- Troubleshooting and Operation
- Viewing the System Connection Table
- Viewing the Services/Counters on the Interface
- Checking NTP Status
- Checking SNMP Status
- DHCP Operational Mode Commands
- Viewing Security Logs Locally
- Checking for Core Dumps
- Restarting Platform Daemons
- Troubleshooting Individual Daemons
- Summary
- Study Questions
- 6. Transparent Mode
- Transparent Mode Overview
- When to Use Transparent Mode
- Segmenting a Layer 2 domain
- Complex routing environments
- Separation of duties
- Existing transparent mode infrastructure
- MAC Address Learning
- Transparent Mode and Bridge Loops, Spanning Tree Protocol
- Transparent Mode Limitations
- Transparent Mode Components
- Interfaces, family bridge, and bridge domains in transparent mode
- Interface Modes in Transparent Mode
- Bridge Domains
- IRB Interfaces
- Transparent Mode Zones
- Transparent Mode Security Policy
- Transparent Mode Specific Options
- QoS in Transparent Mode
- VLAN Rewriting
- High Availability with Transparent Mode
- Spanning Tree Protocol in transparent mode Layer 2 deployments
- Transparent Mode Flow Process
- Slow-path SPU packet processing
- Fast-path SPU packet processing
- Session teardown
- Configuring Transparent Mode
- Configuring Transparent Mode Basics
- Traditional Switching
- Configuring Integrated Routing and Bridging
- Configuring Transparent Mode Security Zones
- Configuring Transparent Mode Security Policies
- Configuring Bridging Options
- Restricting BPDUs to VLANs
- Configuring Transparent Mode QoS
- Configuring VLAN Rewriting
- Troubleshooting and Operation
- The show bridge domain Command
- The show bridge mac-table Command
- The show l2-learning global-information Command
- The show l2-learning global-mac-count Command
- The show l2-learning interface Command
- Transparent Mode Troubleshooting Steps
- Sample Deployments
- Summary
- Study Questions
- 7. High Availability
- Understanding High Availability in the SRX
- Chassis Cluster
- The Control Plane
- The Data Plane
- Getting Started with High Availability
- Cluster ID
- Node ID
- Redundancy Groups
- Interfaces
- Deployment Concepts
- Active/passive
- Active/active
- Mixed mode
- Six pack
- Preparing Devices for Deployment
- Differences from Standalone
- Activating Juniper Services Redundancy Protocol
- Managing Cluster Members
- Configuring the Control Ports
- Configuring the Fabric Links
- Configuring the Switching Fabric Interface
- Node-Specific Information
- Configuring Heartbeat Timers
- Redundancy Groups
- Integrating the Cluster into Your Network
- Configuring Interfaces
- Fault Monitoring
- Interface Monitoring
- IP Monitoring
- Hardware Monitoring
- Route engine
- Switch control board
- Switch fabric board
- Services Processing Card/Next Generation Services Processing Card
- Network Processing Card
- Interface card
- Control link
- Data link
- Control link and data link failure
- Power supplies
- Software Monitoring
- Preserving the Control Plane
- Troubleshooting and Operation
- First Steps
- Checking Interfaces
- Verifying the Data Plane
- Core Dumps
- The Dreaded Priority Zero
- When All Else Fails
- Manual Failover
- Sample Deployments
- Summary
- Study Questions
- 8. Security Policies
- Packet Flow
- Security Policy Criteria and Precedence
- Security Policy Precedence
- Top to Bottom Policy Evaluation
- Security Policy Components in Depth
- Match Criteria
- Security zones
- One interface per zone versus multiple interfaces per zone
- Configuring security zones
- Address books
- Address objects
- IP prefix address objects
- Configuring IP prefix address objects
- DNS address objects
- Configuring DNS address objects
- IP range objects
- Configuring IP range objects
- Wildcard address objects
- Configuring wildcard address objects
- Address sets
- Configuring address sets
- Application objects
- Application sets
- Configuring applications and application sets
- Source-Identity
- Negated source and destination objects
- Schedulers
- Configuring schedulers
- Action Criteria
- Permit options
- Configuring security policies
- Host security policies
- Configuring a policy to restrict inbound or outbound management requests
- Application Layer Gateways
- Enabling an ALG example
- Best Practices
- Troubleshooting and Operation
- Viewing Security Policies
- Security policy tools
- Viewing the Firewall Session Table
- Sample firewall logs
- Monitoring Interface Counters
- Performing a Flow Trace
- Performing a Packet Capture on SRX Branch
- Performing a Packet Capture on the High-End SRX
- Sample Deployment
- Summary
- Study Questions
- 9. Network Address Translation
- The Need for NAT
- NAT as a Security Component?
- Junos NAT Fundamentals
- Junos NAT Types
- NAT Precedence in the Junos Event Chain
- NAT type precedence
- Junos NAT Components
- Rulesets
- Static NAT rulesets
- Destination NAT rulesets
- Source NAT rulesets
- NAT ruleset precedence
- NAT ruleset precedence example
- NAT Interfaces, Pools, and Mapping Objects
- Static NAT transforms
- Source NAT transforms
- Interfaces
- Pools
- Destination NAT pools
- NAT Rules
- NAT and Security Policies
- Proxy-ARP and Proxy-NDP
- Configuring Proxy-ARP/NDP
- When you don't need Proxy-ARP/NDP
- Junos NAT in Practice
- Static NAT
- Static NAT one-to-one mapping
- Static NAT many-to-many mapping
- Option 1: NAT44/NAT66
- Option 2: NAT46 Static mapping
- Option 3: NAT 64 automatic translation
- Source NAT
- Source NAT with interfaces
- Source NAT with pools and interfaces
- Other SRX source NAT configuration options
- Destination NAT
- Configuration destination NAT
- Combination Source and Destination NAT
- No-NAT with Source or Destination NAT
- Best Practices
- Troubleshooting and Operation
- NAT Rule and Usage Counters
- Viewing the Session Table
- View NAT Errors
- View Firewall Logs with NAT
- Flow Debugging with NAT
- Source NAT
- Destination NAT
- Static NAT
- Sample Deployment
- Summary
- Study Questions
- 10. IPsec VPN
- VPN Architecture Overview
- Site-to-Site IPsec VPNs
- Hub and Spoke IPsec VPNs
- Full Mesh VPNs
- Partial Mesh VPNs
- Remote Access VPNs
- IPsec VPN Concepts Overview
- IPsec Encryption Algorithms
- IPsec Authentication Algorithms
- IKE Version 1 Overview
- Phase 1 IKE negotiation modes
- Main mode
- Aggressive mode
- Phase 2 IKE negotiation modes
- Perfect Forward Secrecy
- Quick mode
- Proxy ID negotiation
- IKE Version 2
- IKEv1 versus IKEv2
- IPsec VPN Protocol
- IPsec VPN Mode
- IPsec Manual Keys
- IPv6 and IPsec on the SRX
- IKE Negotiations
- IKE Authentication
- Preshared key authentication
- Certificate authentication
- IKE Identities
- Flow Processing and IPsec VPNs
- SRX VPN Types
- Policy-Based VPNs
- Route-Based VPNs
- Numbered versus unnumbered st0 interfaces
- Point-to-point versus point-to-multipoint VPNs
- Special point-to-multipoint attributes
- Point-to-multipoint NHTB
- Which should you use: Policy- or route-based VPN?
- Other SRX VPN Components
- Dead Peer Detection
- VPN Monitoring
- XAuth
- NAT Traversal
- Anti-Replay Protection
- Fragmentation
- Differentiated Services Code Point
- IKEv1 Key Lifetimes
- Network Time Protocol
- Certificate Validation
- Simple Certificate Enrollment Protocol
- Group VPN
- Dynamic VPN
- Selecting the Appropriate VPN Configuration
- IPsec VPN Configuration
- Configuring NTP
- Certificate Preconfiguration Tasks
- Phase 1 IKE Configuration
- Configuring Phase 1 proposals
- Configuration for Remote-Office1 proposal with preshared keys
- Configuration for Remote-Office1 proposal with certificates
- Configuring IKEv1 Phase 1 policies
- Configuring IKEv1 Phase 1 IKE policy with preshared key, Main mode
- Configuring IKEv1 Phase 1 IKE policy with preshared key, Aggressive mode
- Configuring IKEv1 Phase 1 IKE policy with certificates
- Configuring IKEv1 Phase 1 gateways
- Configuring an IKEv1 gateway with static IP address and DPD
- Configuring dynamic gateways and remote access clients
- Configuring an IKE gateway with a dynamic IP address
- Configuring an IKEv1 remote access client
- Phase 2 IKE Configuration
- Configuring IKEv1 Phase 2 proposals
- Configuring an IKEv1 Phase 2 proposal for remote offices and client connections
- Configuring Phase 2 IPsec policy
- Configuring an IPsec policy defining the Phase 2 proposal
- Configuring common IPsec VPN components
- Configuring a common site-to-site VPN component
- IKEv1 Versus IKEv2 Configuration
- Configuring policy-based VPNs
- Configuring a policy-based VPN for the East Branch to the Central site VPN
- Configuring route-based VPNs
- IPsec and SRX HA
- IPsec termination in HA
- ISSU for VPN
- Dynamic VPN
- Best Practices
- Troubleshooting and Operation
- Useful VPN Commands
- show security ike security-associations
- show security ipsec security-associations
- show security ipsec inactive-tunnels
- show security ipsec statistics
- Checking interface statistics
- VPN Tracing and Debugging
- VPN troubleshooting process
- Configuring and analyzing VPN tracing
- Sample Deployments
- Site-to-Site VPN
- Remote Access VPN
- IPsec Caveats on SRX
- Summary
- Study Questions
- 11. Screens and Flow Options
- A Brief Review of Denial-of-Service Attacks
- Exploit-Based DoS
- Flood-Based DoS
- DoS Versus DDoS
- Screen Theory and Examples
- How Screens Fit into the Packet Flow
- Screen Processing only happens on the ingress interface
- Screens in Hardware and Software
- Screen Profiles
- Packet versus threshold Screens
- Applying Screen profiles to single and multiple zones
- Configuring a Screen profile
- DoS Attacks with IP Protocols
- Bad IP Option Screen
- Configuring Bad IP Option Screen
- Block Frag Screen
- Configuring Block Frag Screen
- Route Option Screens
- Configuring Route Option Screens
- IP Security Option Screen
- Configuring the IP Security Option Screen
- IP Spoofing Screen
- Configuring the IP Spoofing Screen
- IP Stream Option Screen
- Configuring the IP Stream Option Screen
- IP Tear Drop Screen
- Configuring the IP Tear Drop Screen
- IP Timestamp Option Screen
- Configuring the IP Timestamp Option Screen
- Unknown IP Protocol Screen
- Configuring the Unknown IP Protocol Screen
- DoS Attacks with ICMP
- ICMP Flood Screen
- Configuring the ICMP Flood Screen
- ICMP Fragment Screen
- Configuring the ICMP Fragment Screen
- ICMP IP Sweep Screen
- Configuring the ICMP IP Sweep Screen
- ICMP Large Packet Screen
- Configuring the ICMP Large Packet Screen
- ICMP Ping of Death Screen
- Configuring the ICMP Ping of Death Screen
- DoS Attacks with UDP
- UDP Flood Screen
- Configuring the UDP Flood Screen
- UDP Sweep Screen
- Configuring the UDP Sweep Screen
- DoS Attacks with TCP
- FIN-No-ACK Screen
- Configuring the FIN-No-ACK Screen
- LAND Attack Screen
- Configuring the LAND Attack Screen
- TCP Port Scan Screen
- Configuring the TCP Port Scan Screen
- SYN-ACK-ACK Proxy Screen
- Configuring the SYN-ACK-ACK-Proxy Screen
- SYN-FIN Screen
- Configuring the SYN-FIN Screen
- SYN flood/spoofing attacks
- SYN flood rate limiting
- Configuring SYN Flood Rate Limiting
- SYN Spoofing Protection Modes
- Configuring SYN Cookie/Proxy Protection
- SYN-Frag Screen
- Configuring the SYN-Frag Screen
- TCP No Flags Screen
- Configuring the TCP No Flags Screen
- TCP Sweep Screen
- Configuring the TCP Sweep Screen
- WinNuke Screen
- Configuring the WinNuke Screen
- Session Limit Screens
- Source IP Session Limit Screen
- Configuring the Source IP Session Limit Screen
- Destination IP Session Limit Screen
- Configuring the Destination IP Session Limit Screen
- SRX Flow Options
- Aggressive session aging
- Configuring the aggressive session ageout flow option
- TCP sequence checks
- Configuring TCP sequence checks
- Configuring TCP sequence checks for RST packets
- TCP SYN checks
- Strict SYN checks
- Configuring the strict SYN check
- SYN checks in tunnels
- TCP state timeouts
- Configuring the TCP initial session timeout and TCP time wait timeout
- Best Practices
- Troubleshooting and Operation
- Viewing Screen Profile Settings
- Viewing the Screen Attack Statistics
- Viewing Flow Exceptions
- Sample Deployment
- Configuration for Screen and Flow Option Sample Deployment
- Summary
- Study Questions
- 12. AppSecure Basics
- AppSecure Component Overview
- Application Identification
- Application Tracking
- Application Firewall
- Application Quality of Service
- User Role Firewalling
- SSL Forward Proxy
- AI Processing Architecture
- How Application Identification identifies applications
- Signature-based pattern matching
- Nested application signatures
- Keeping honest applications honest
- Heuristic-based detection
- Predictive session identification
- Application system cache
- Deploying AppSecure
- AppSecure Licensing
- Downloading and Installing Application Identification Sigpacks
- Controlling application caching
- Enabling application identification heuristics
- AppID Signature Operations
- Enabling and disabling applications and application groups
- Creating Layer 3/Layer 4 applications
- Creating custom application groups
- Configuring and Deploying AppTrack
- Enabling AppTrack
- Configuring AppTrack options
- Configuring and Deploying Application Firewall
- Three types of Application Firewall rulesets
- Configuring a blacklist application ruleset
- Configuring a whitelist application ruleset
- Configuring a hybrid application ruleset
- When to use blacklist, whitelist, and hybrid rulesets
- Configuring application redirect
- Configuring and Deploying Application Quality of Service
- DSCP rewrite
- Forwarding class
- Logging
- Loss priority
- Rate limiter
- Configuring an AppQoS example
- Configuring and Deploying User Role Firewall
- UserFW functionality overview
- UserFW packaging and licensing
- Deploying UserFW
- Configuring the SRX for UserFW
- Configuring the IC
- Configuring the SRX as an IC enforcer
- Configuring the authentication server
- Configuring realms, roles, and sign-in policies
- Miscellaneous Active Directory tasks
- Configuring and Deploying SSL Forward Proxy
- Configuring SSL Forward Proxy on the SRX
- AppFW with encrypted applications
- Best Practices
- Application Identification
- AppTrack
- AppFW
- AppQoS
- UserFW
- SSL FP
- Troubleshooting and Operation
- Operating Application Identification
- Checking the AppID package
- Checking the AppID engine settings and cache
- Checking AppID counters
- Checking application statistics
- AppTrack
- Operating Application Firewall
- Operating Application QoS
- Operating UserFW
- Operating SSL Forward Proxy
- Sample Deployments
- Summary
- Study Questions
- 13. Intrusion Prevention
- The Need for IPS
- What About Application Firewalling in NGFW?
- How Does IPS Work?
- Licensing
- IPS and UTM
- What Is the Difference Between Full IPS and Deep Inspection/IPS Lite?
- Is It IDP or IPS?
- False Positives and False Negatives in IPS
- Management IPS Functionality on the SRX
- Stages of a System Compromise
- IPS Packet Processing on the SRX
- Packet processing path
- Direction-specific detection
- SRX deployment options
- Attack Object Types
- Application contexts
- Predefined attack objects and groups
- Custom attack objects and groups
- Severities
- Signature performance impacts
- IPS Policy Components
- Rulebases
- Match criteria
- Then actions
- IPS actions
- Notification actions
- Packet logging
- Configuring packet logging in the STRM
- IP actions
- Targets and timeouts
- Terminal Match
- Security Packages
- Attack database
- Attack object updates versus full updates
- Application objects
- Detector engines
- Policy templates
- Scheduling updates
- Sensor Attributes
- SSL Inspection (Reverse Proxy)
- Custom Attack Groups
- Static attack groups
- Dynamic attack groups
- Configuring IPS Features on the SRX
- Getting Started with IPS on the SRX
- Getting started example
- Configuring automatic updates
- Useful IPS files
- Viewing IPS attack objects and group membership
- Configuring static and dynamic attack groups
- Creating, activating, and referencing IPS
- Exempt rulebase
- Enabling GZIP/Deflate Decompression
- Deploying and Tuning IPS
- First Steps to Deploying IPS
- Building the Policy
- Testing Your Policy
- Leveraging sniffer mode for the deployment
- Actual Deployment
- Day-to-Day IPS Management
- Best Practices
- Troubleshooting and Operation
- Checking IPS Status
- Checking Security Package Version
- Troubleshooting and Monitoring Security Package Installation
- Clearing the download and cache files on the SRX
- Checking Policy Compilation Status
- IPS Attack Table
- IPS Counters
- IP Action Table
- Sample Deployments
- Summary
- Study Questions
- 14. Unified Threat Management
- Shifting Threats
- UTM, IPS, or Both?
- Antivirus
- URL Filtering
- Antispam
- Content Filtering
- Antivirus + URL Filtering + IPS?
- I Have SRX Antivirus: Do I Need Desktop Antivirus?
- UTM Licensing
- Configuring Licensing
- UTM Components
- Feature Profiles
- Custom Objects
- UTM Policies
- Application Proxy
- Networking Requirements for UTM Features
- Antivirus
- Antivirus flavors in the SRX
- Sophos AV
- Implementing Sophos AV
- Configuring Sophos with a default profile
- Default profile configuration
- Sophos AV feature profiles
- Configuring Sophos feature profile example
- Kaspersky Full AV
- Configuring Kaspersky with the default profile
- Default Kaspersky profile configuration
- Configuring Kaspersky AV scanning and fallback options
- Express AV
- Default Express AV profile
- Which AV to Choose?
- URL Filtering
- URL filtering flavors
- Configuring the URL filtering with default profiles
- Websense Enhanced filtering
- Configuring Websense Enhanced default profile
- Default Websense Enhanced profile
- Configuring a custom Websense Enhanced profile
- Surfcontrol/Websense Integrated URL filtering
- Configuring Surfcontrol Integrated with default profile
- Default Surfcontrol/Websense profile configuration
- Configuring Surfcontrol/Websense Integrated options
- Websense Redirect
- Configuring Websense Redirect
- Default Websense Redirect profile
- Default local URL filtering profile
- URL Custom URLs, blacklists, whitelists, and categories
- Custom URL patterns
- Custom URL category
- URL filtering profiles
- Juniper Local feature profile options
- Putting it all together for Juniper Local web filtering
- Which URL filtering solution to choose?
- Antispam
- Configuration options for antispam
- Configuring antispam with the default profile
- Configuring a custom spam profile and policy
- Content Filtering
- Configuring content filtering example
- Logging UTM Messages
- Configuring syslog to send UTM to a remote server
- Best Practices
- Troubleshooting and Operation
- UTM Engine
- Antivirus
- Testing antivirus
- URL Filtering
- Websense site lookup tool
- Antispam
- Content Filtering
- Sample Deployments
- Summary
- Study Questions
- Index
- About the Authors
- Colophon
- Copyright