Chapter 9. Unified Threat Management

Unified Threat Management (UTM) is a set of features designed to provide application-layer inspection of traffic as it traverses a network. Similar to Intrusion Detection and Prevention (IDP), security devices that support UTM features decode and inspect upper-layer protocols to detect malicious, or simply disallowed, traffic.

In fact, the IDP feature is often considered part of the UTM feature set. It is only a matter of convention, but as far as Juniper Networks goes, the UTM and IDP features are considered to be independent. At the time of this writing, the UTM feature set is only supported on branch SRX Series gateways.

This chapter explores the UTM features in the SRX, how to identify those features, and how to configure and use them in your own network.

What Is UTM?

So, what features are found on the SRX under the UTM umbrella? Well, the simple answer is anything, apart from IDP, that requires Layer 7 inspection. This includes antivirus, web filtering, content filtering, and antispam.

There is a common trade-off between how detailed the traffic analysis is and how much traffic can be processed. A firewall that protects thousands of hosts inherently has less capacity than the cumulative processing power of all the hosts behind it. When the number of hosts to protect is large, this trade-off would seem to suggest that the ideal place to do the inspection is at the hosts.

However, host-based security suffers from severe limitations in management—it’s ...
