This chapter summarizes the feature set for application security within ScreenOS. Juniper Networks firewalls have traditionally been stateful inspection firewalls. A stateful inspection security device looks at the network and transport layers of the ISO/OSI model, following the connection from client socket to server socket, but is typically not aware of the application-layer data transported within that connection. Deep inspection, however, pioneered by Juniper since ScreenOS version 5.0, is aware of the application communicating via the connection.
The ScreenOS content security feature set includes four feature groups:
Deep inspection and integrated IDP
In larger networks, standalone, dedicated machines and servers provide these features. However, in smaller and medium-size networks, it might be desirable to integrate these features into a single ScreenOS device for the obvious reasons of cost efficiency and convenience. For example, in this scenario, an administrator has to support only a single device and has to purchase a subscription signature service from only one vendor. Also, for smaller networks, antivirus capability and URL filtering do not require an external server, but you can add one for scalability in medium-size networks.
Antivirus capability exists in both internal and external configurations. In the internal configuration, the antivirus scanner and signatures are loaded onto the firewall. ...