SRX Getting Started - Redirect Web Filtering

Article ID: KB16444 KB Last Updated: 09 Feb 2015 Version: 7.0
Summary:

This article provides examples for configuring, verifying, and troubleshooting redirect Web filtering (also known as URL filtering). For information about integrated Web filtering, refer to KB16334 - SRX Getting Started - Integrated Web Filtering.

For other topics, refer to KB15694 - SRX Getting Started - Configuration Examples & Troubleshooting (JumpStation).

Symptoms:

How to configure redirect Web filtering by using the predefined junos-wf-websense-default profile.


Cause:

Solution:

This section contains the following:


Configuration Task Overview

Configuring redirect Web filtering consists of the following tasks:

  • Configuring redirect Web filtering parameters 

  • Configuring a UTM policy for each feature and attaching the policy to a profile 

  • Attaching the UTM policy to a firewall security policy 

You do not need a license on the SRX device to use the redirect Web filtering feature.

For additional information, refer to the Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Application Note and the Technical Documentation section.


J-Web Configuration

To configure the redirect Web filtering feature profile:
  1. Select Configure>Security>UTM>Global options.

  2. Click the Web Filtering tab.

  3. In the Filtering Type list, select Websense Redirect.

  4. Click OK. A status popup appears. If the configuration changes are saved successfully, the popup automatically closes. If the changes are not saved successfully, click Details for more information.

To configure a UTM policy for Web filtering:
  1. Select Configure>Security>Policy>UTM Policies.

  2. Click Add to configure a UTM policy. The Add Policy window appears.

  3. In the Main tab, next to Policy Name, enter a unique name for the UTM policy you are creating (for example, custom-utm-policy).

  4. Click the Web filtering profiles tab.

  5. Next to HTTP profile, select junos-wf-websense-default.

  6. Click OK. A status popup appears. If the configuration changes are saved successfully, the popup automatically closes. If the changes are not saved successfully, click Details for more information.

To attach the UTM policy to a security policy:
  1. Select Configure>Security>Policy>FW Policies.

  2. Select an existing trust-to-untrust security policy (for example, default-permit) and click Edit.

  3. In the Edit Policy window, click Application Services.

  4. In the UTM Policy list, select the UTM policy to attach to the security policy (in this example, custom-utm-policy).

  5. Click OK. A status popup appears. If the configuration changes are saved successfully, the popup automatically closes. If the changes are not saved successfully, click Details for more information.

Make sure that your policy is activated. The changes do not take effect until the Commit button is clicked (under the tabs).


CLI Configuration

The following example activates redirect Web filtering:
  1. Configure the device to use the redirect Web filtering feature:

    In the following example, the Websense server host's IP address is 172.19.50.138. The Websense server port is 15868, which is the default port used by the Websense server. The recommended timeout is 10 seconds and the number of sockets is 8.
    user@host# set security utm feature-profile web-filtering type websense-redirect
    user@host# set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default server host 172.19.50.138
    user@host# set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default server port 15868
    user@host# set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default timeout 10
    user@host# set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default sockets 8
    
  2. Create a UTM policy and associate the junos-wf-websense-default profile with it:
    user@host# set security utm utm-policy custom-utm-policy web-filtering http-profile junos-wf-websense-default
  3. Apply the UTM policy to an existing trust-to-untrust security policy (in this example, it is default-permit):
    user@host# set security policies from-zone trust to-zone untrust policy default-permit then permit application-services utm-policy custom-utm-policy
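
The three steps form a chain (Websense profile, UTM policy, security policy), and a broken link leaves HTTP traffic unfiltered. The following check is an added example, not Juniper code: it audits that chain over the set commands from this article, embedded as input with the profile name in lowercase throughout, and it assumes names are compared exactly (case-sensitively). The audit() function and its messages are hypothetical.

```python
import re

# The set commands from steps 1-3 of this article, embedded so the check runs offline.
CONFIG = """\
set security utm feature-profile web-filtering type websense-redirect
set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default server host 172.19.50.138
set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default server port 15868
set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default timeout 10
set security utm feature-profile web-filtering websense-redirect profile junos-wf-websense-default sockets 8
set security utm utm-policy custom-utm-policy web-filtering http-profile junos-wf-websense-default
set security policies from-zone trust to-zone untrust policy default-permit then permit application-services utm-policy custom-utm-policy
"""

def audit(config):
    """Return problems found in the profile -> UTM policy -> security policy chain."""
    wf = r"set security utm feature-profile web-filtering "
    problems = []
    if not re.search(wf + r"type websense-redirect$", config, re.M):
        problems.append("filtering type is not websense-redirect")
    # profile name -> Websense server host
    hosts = dict(re.findall(wf + r"websense-redirect profile (\S+) server host (\S+)", config))
    # UTM policy name -> HTTP web-filtering profile it references
    utm = dict(re.findall(r"set security utm utm-policy (\S+) web-filtering http-profile (\S+)", config))
    # (from-zone, to-zone, security policy, UTM policy) for every attachment
    attached = re.findall(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
                          r"then permit application-services utm-policy (\S+)", config)
    for policy, profile in utm.items():
        if profile not in hosts:  # exact match: assumed case-sensitive
            problems.append(f"utm-policy {policy}: profile {profile} has no Websense server host")
    for src, dst, fw, policy in attached:
        if policy not in utm:
            problems.append(f"policy {fw} ({src}->{dst}): utm-policy {policy} has no http-profile")
    if not attached:
        problems.append("no security policy references a utm-policy")
    return problems

if __name__ == "__main__":
    print(audit(CONFIG) or "chain is complete")
```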

Technical Documentation

UTM Web Filtering Feature Guide for Security Devices - See 'Redirect Web Filtering' links.



Verification

Use the following commands to verify that Web filtering is working:
user@host> show security utm web-filtering status
UTM web-filtering status:
Server status: Websense redirect URL filtering

user@host> show security utm web-filtering statistics
 UTM web-filtering statistics: 
    Total requests:                  0
    white list hit:                  0
    Black list hit:                  0
    Server reply permit:             0
    Server reply block:              0
    Web-filtering sessions in total: 4000
    Web-filtering sessions in use:   1
    Fall back:                       log-and-permit           block 
          Default                                 0               0
          Timeout                                 0               0
     Connectivity                                 0               0
Too-many-requests                                 0               0
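
In the Fall back table, every count in the log-and-permit column is a request that was permitted without a verdict from the Websense server. The following parser is an added example, not Juniper code: it reads output in the layout shown above and reports those fail-open counts. The sample counter values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `show security utm web-filtering statistics`
# shown above; the counter values are invented for illustration.
SAMPLE = """\
 UTM web-filtering statistics:
    Total requests:                  1200
    white list hit:                  15
    Black list hit:                  4
    Server reply permit:             1100
    Server reply block:              60
    Web-filtering sessions in total: 4000
    Web-filtering sessions in use:   3
    Fall back:                       log-and-permit           block
          Default                                 0               0
          Timeout                                18               0
     Connectivity                                 3               0
Too-many-requests                                 0               2
"""

FALLBACK_ROWS = ("Default", "Timeout", "Connectivity", "Too-many-requests")

def parse_stats(text):
    """Return (counters, fallback) parsed from the statistics output."""
    counters, fallback = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S.*?):\s+(\d+)\s*$", line)       # "Name:   <count>"
        if m:
            counters[m.group(1)] = int(m.group(2))
            continue
        m = re.match(r"\s*(\S+)\s+(\d+)\s+(\d+)\s*$", line)  # fallback row, two columns
        if m and m.group(1) in FALLBACK_ROWS:
            fallback[m.group(1)] = {"log-and-permit": int(m.group(2)),
                                    "block": int(m.group(3))}
    return counters, fallback

def unfiltered_requests(fallback):
    """Fallback reasons under which requests were permitted without a server verdict."""
    return {reason: row["log-and-permit"] for reason, row in fallback.items()
            if row["log-and-permit"] > 0}

if __name__ == "__main__":
    counters, fallback = parse_stats(SAMPLE)
    for reason, n in unfiltered_requests(fallback).items():
        print(f"WARNING: {n} request(s) permitted unfiltered ({reason} fallback)")
```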

Troubleshooting

The following traceoptions are used for troubleshooting:
user@host# set security traceoptions flag all
user@host# set security utm traceoptions flag all
user@host# set security utm application-proxy traceoptions flag all
user@host# set security utm feature-profile web-filtering traceoptions flag all
Traceoptions can be found in the following logs:
user@host> show log utmd-wf
