Knowledge Center Search


 

[ScreenOS] URL Filtering Configuration Using Websense

  [KB4197] Show KB Properties

  [KB4197] Hide KB Properties

Categories:
Knowledge Base ID: KB4197
Last Updated: 07 Oct 2013
Version: 9.0

Summary:
This article provides information about the URL Filtering Configuration that uses Websense.

Problem or Goal:
Information about the URL Filtering Configuration that uses Websense.

Cause:

Solution:

ScreenOS firewalls support URL filtering by using the Websense Websecurity, which enables you to block or permit access to different sites; based on their URLs, domain names, and IP addresses. With the Websense API built directly into the ScreenOS firewall, the ScreenOS device creates a direct link to a Websense URL-blocking server. Bt using the Websense manager, the ScreenOS administrator can perform the following tasks:

  • Alter the URL-blocking database to block or allow access to any sites they choose.

  • Schedule different URL filtering profiles for different times of the day.

  • Download Websense Reporter logs of blocked or viewed URLs.


Note: For additional information about Websense licensing requirements on the Juniper firewall, refer to KB4947 - License Requirement for using URL Filtering.

To configure URL filtering using Websense, perform the following steps:

Step one: Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI .


Step two: From the ScreenOS options menu, click Security > Web Filtering, and then click Protocol.


Step three: From Protocol, click to select Redirect (Websense) and then click Apply button.


Step four: In the Websense Server Name text box, enter a Websense Server Name or IP Address.

Image of step four and five


Step five: In the Websense Server Port text box, enter a Websense Server Port number.
Note: The default port for Websense is 15868. If you have changed the default port on the Websense server, you must also change it on the NetScreen device.


Step six:   In the Communication Timeout text box, enter a Communication Timeout value.


Step seven:   From If connectivity to the Websense server is lost, click to select Permit.
Note: If the Juniper firewall device loses contact with the Websense server, you can specify whether to Block or Permit all HTTP requests.


Step eight:   From Blocked URL Message Type, click to choose the source of the message received by the user.

Note: If you select Netpartners Websense, the Websense server sends the message. When you select Juniper Networks, the Juniper device sends the message. If you select Juniper networks, some of the functionality that Websense provides is suppressed, such as redirection.


Step nine:  In the Juniper networks Blocked URL Message text box, enter a Blocked URL Message.
Note: This is the message the NetScreen device returns to the user after blocking a site. You can use the message sent from the Websense server, or create a message (up to 500 characters) to be sent from the NetScreen device. .


Step ten: Click Apply.
Note:   In ScreenOS 5.0 and above, URL filtering using Websense is controlled on a per-policy basis and the following additional steps are required.


Step Eleven From the NetScreen options menu, click Policies.

Image of step eleven


Step Twelve Click to Edit one of your policies.

Image of step twelve


Step Thirteen Click Web Filtering.


Step Fourteen Click OK.



Step Fifteen Verify if the HTTP ALG is enabled:

Purpose:
Configuration
Implementation
Troubleshooting

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.