Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Firewall is failing to send URL queries to a connected Websense server.

0

0

Article ID: KB16793 KB Last Updated: 14 Mar 2019Version: 5.0
Summary:
If an SSG firewall with URL filtering configured is connecting to an external Websense server, but URL query packets are not being sent, then check to ensure the HTTP Application Layer Gateway (ALG) is enabled.
Symptoms:
  • URL filtering is configured on the SSG firewall, but valid traffic hitting the policy is not being permitted.
  • Packet captures show there is connection to the external Websense server, but no query packets are being sent.
Solution:
URL filtering requires the HTTP ALG to be enabled as the ALG provides the intelligence for the firewall to interpret the HTTP requests. In this instant, the HTTP ALG had been disabled. Re-enabling the ALG allows the URL filtering process to work.

To view ALG status or enable/disable ALG's, use the following:

CLI:
get alg
set alg http enable

WebUI:

Security -> ALG -> HTTP -> OK
Modification History:
2019/02/26: Content re-reviewed for accuracy; no changes required.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search