Knowledge Search


How To Set up a Juniper Firewall to use Kaspersky AV

  [KB9011] Show Article Properties

The Kaspersky Anti-Virus solution offering began with ScreenOS 5.3.0.   Here are the steps required to set up AV using Kaspersky


Kaspersky Anti-Virus (AV) solution first became available with ScreenOS 5.3.0.  Devices that can use Kaspersky with ScreenOS 5.3.0 include the NS-5GT, NS-5GT Wireless, NS-5GT ADSL, NS-5GT Wireless ADSL, and NS-HSC. 

The requrements to use Kaspersky AV are as follows:

  1. The Firewall requires the ScreenOS software that includes the filename ns5gt.5.3.0.  or higher If you have downloaded ns5gttmav.5.3.0 or ns5gttmav.5.4.0, you have the wrong software.  Re-download the ns5gt software before continuing.
  2. Kaspersky AV requires purchasing the Kaspersky AV license. 
  3. The NetScreen device must have a direct Internet connection (AV is not supported with a Proxy Server connection).
  4. The NetScreen device must have a default route to access the Internet
  5. DNS must be configured on the firewall
  6. The system clock must be synchronized to some NTP server, or at least by sync'd to a PC with most current date and time

After the prerequisites are met, follow this procedure to set up AV:

  1. Install the Kaspersky AV license on the device.  From the WebUI:
    • Go to Configuration > Update > ScreenOS/Keys,
    • Click Retrieve Subscriptions Now, which will grab the license from the entitlement server, assuming your box's serial number is entitled to Kaspersky AV.
  2. Reboot the Firewall for the license to be loaded
  3. Upgrade to one of the Kaspersky ScreenOS files (e.g. ns5gt.5.3.0r6.0)
  4. Create a policy that uses one of the services supported by AV (i.e. HTTP, Mail, POP3, SMTP, or FTP).
  5. On the policy, specify an anti-virus profile (there are two default profiles to choose from, ns-profile and scan-mgr)
Once you have an AV profile specified on a policy, AV is now set up.
Related Links: