Hi,
try to open one ticket to Juniper... I'll update you if you cannot open one ticket.
In my personal furter analisis I found (maybe) the specific problem.
The problem IS NOT on the Security Director.... but in the vSRX it self.
In the specific. Following the official note from Juniper, from 15.x version, match then statement is not any longer needed.
The problem is that in my case, my 17.x version seem still require "the old way to configure" as 15.x version.
Then the problem is not on the security director.
Security Director with the correct DMI, is correctly try to configure the advanced-threat-prevention, without match and then!!
vSRX expecting something else! :-\
What vSRX version do you have? Maybe we have the same version:
root@vSRXdmzserver# run show system information
Model: vsrx
Family: junos-es
Junos: 17.3R1.10
Hostname: vSRXdmzserver
My collegues that have 17.4.X ...is not affecting by this problem!!! and under:
(my collegue) run show configuration services advanced-anti-malware policy SkyATP_DMZ he has http and imap parameters...
(in my case):
root@vSRXdmzserver# run show configuration services advanced-anti-malware policy SkyATP_DMZ ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> blacklist-notification Blacklist notification logging option
> default-notification Default notification logging option
> fallback-options Fallback options for abnormal conditions
inspection-profile Advanced Anti-malware inspection-profile name
> match Policy match conditions
> then
> whitelist-notification Whitelist notification logging option
only match then... :-|
