Chapter 9. Unified Threat Management

Unified Threat Management (UTM) is a set of features designed to provide application-layer inspection of traffic as it traverses a network. Similar to Intrusion Detection and Prevention (IDP), security devices that support UTM features decode and inspect upper-layer protocols to detect malicious, or simply disallowed, traffic.

In fact, the IDP feature is often considered part of the UTM feature set. This is only a matter of convention, but Juniper Networks treats the UTM and IDP features as independent. At the time of this writing, the UTM feature set is only supported on branch SRX Series gateways.

This chapter explores the UTM features in the SRX, how to identify those features, and how to configure and use them in your own network.

What Is UTM?

So, what features are found on the SRX under the UTM umbrella? Well, the simple answer is anything, apart from IDP, that requires Layer 7 inspection. This includes antivirus, web filtering, content filtering, and antispam.

There is a common trade-off between how detailed the traffic analysis is and how much traffic can be processed. A firewall that protects thousands of hosts inherently has less capacity than the cumulative processing power of all the hosts behind it. When the number of hosts to protect is large, this trade-off would seem to suggest that the ideal place to do the inspection is at the hosts.

However, host-based security suffers from severe limitations in management—it’s ...
