SRX Getting Started - Enhanced Web Filtering using legacy security policies

  [KB22483]


Summary:

This article provides examples for configuring, verifying, and troubleshooting Enhanced Web Filtering (EWF).

For information on configuring Integrated Web Filtering or Redirect Web Filtering, refer to KB16466 - SRX Getting Started - Configure Web Filtering.

Symptoms:

How to configure Enhanced Web Filtering (URL Filtering).

Solution:

Configuration

Note: The following sample uses legacy security policies, not the newer unified security policies that are available as of 18.2.

To configure Enhanced Web Filtering via J-Web, refer to KB26911 - Example - Configuring Enhanced Web Filtering via J-Web.

The following example illustrates the EWF configuration:

 

  1. Security UTM configuration:
    [edit security utm]
    root# show
    feature-profile {
        web-filtering {
            type juniper-enhanced;
            juniper-enhanced {
                cache {
                    timeout 1800;
                    size 1500;
                }
                server {
                    host cluster-k.cloud.threatseeker.com;
                    port 80;
                }
                profile my_ewfprofile01 {
                    category {
                        Enhanced_Business_and_Economy {
                            action block;
                        }
                        Enhanced_Job_Search {
                            action permit;
                        }
                        Enhanced_Uncategorized {
                            action log-and-permit;
                        }
                    }
                    site-reputation-action {
                        very-safe log-and-permit;
                        moderately-safe log-and-permit;
                        fairly-safe log-and-permit;
                        suspicious log-and-permit;
                        harmful log-and-permit;
                    }
                    default log-and-permit;
                    fallback-settings {
                        default log-and-permit;
                        server-connectivity log-and-permit;
                        timeout log-and-permit;
                        too-many-requests log-and-permit;
                    }
                }
            }
        }
    }
    utm-policy mypolicy {
        web-filtering {
            http-profile my_ewfprofile01;
        }
    }
    


    Note:
    An alternative "juniper-enhanced server host" address is "rp.cloud.threatseeker.com".
    The "juniper-enhanced server host" can be configured with the IP address of the server if there is an issue with address resolution.

  2. Security policy configuration:
    set security policies from-zone utm_clients to-zone mgmt policy 1 then permit application-services utm-policy mypolicy

CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set security utm feature-profile web-filtering type juniper-enhanced
set security utm feature-profile web-filtering juniper-enhanced cache timeout 1800
set security utm feature-profile web-filtering juniper-enhanced cache size 1500
set security utm feature-profile web-filtering juniper-enhanced server host rp.cloud.threatseeker.com
set security utm feature-profile web-filtering juniper-enhanced server port 80
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 category Enhanced_Business_and_Economy action block
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 category Enhanced_Job_Search action permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 category Enhanced_Uncategorized action log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action very-safe log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action moderately-safe log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action fairly-safe log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action suspicious log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action harmful log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 default log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings default log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings server-connectivity log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings timeout log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings too-many-requests log-and-permit
set security utm utm-policy mypolicy web-filtering http-profile my_ewfprofile01
set security policies from-zone utm_clients to-zone mgmt policy 1 then permit application-services utm-policy mypolicy
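
Every fallback-settings entry in the sample profile is log-and-permit, so requests are still allowed when the category server is unreachable, slow, or overloaded, and the suspicious and harmful reputation levels are also permitted. The following Python check is an added example, not part of the original article or of Junos: it scans "set" commands for those settings, and the function name and the choice of which reputation levels to flag are assumptions of the example.

```python
import re

# Actions used in the article that let the request through.
PERMITTING = {"permit", "log-and-permit"}
PROFILE_RE = re.compile(
    r"^set security utm feature-profile web-filtering juniper-enhanced "
    r"profile (?P<profile>\S+) (?P<stanza>\S+) (?P<key>\S+) (?P<action>\S+)$"
)

def audit(set_lines, risky_levels=("suspicious", "harmful")):
    """Return (profile, kind, key, action) for each permitting setting.

    kind is "fail-open" for fallback-settings entries and "reputation"
    for site-reputation-action levels listed in risky_levels (which
    levels to flag is this example's assumption, not the article's).
    """
    findings = []
    for raw in set_lines:
        m = PROFILE_RE.match(raw.strip())
        if not m or m["action"] not in PERMITTING:
            continue  # category/default lines and blocking actions
        if m["stanza"] == "fallback-settings":
            findings.append((m["profile"], "fail-open", m["key"], m["action"]))
        elif m["stanza"] == "site-reputation-action" and m["key"] in risky_levels:
            findings.append((m["profile"], "reputation", m["key"], m["action"]))
    return findings

# Sample input: profile lines taken from the CLI Quick Configuration above.
P = ("set security utm feature-profile web-filtering juniper-enhanced "
     "profile my_ewfprofile01 ")
SAMPLE = [P + s for s in (
    "category Enhanced_Business_and_Economy action block",
    "site-reputation-action very-safe log-and-permit",
    "site-reputation-action suspicious log-and-permit",
    "site-reputation-action harmful log-and-permit",
    "default log-and-permit",
    "fallback-settings default log-and-permit",
    "fallback-settings server-connectivity log-and-permit",
    "fallback-settings timeout log-and-permit",
    "fallback-settings too-many-requests log-and-permit",
)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Changing a flagged action to block removes it from the report; the Fallback rows of the statistics output show how often each condition was actually hit.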

Verification:

  1. Once the configuration is committed, check the web-filtering server status:

     

    root@host> show security utm web-filtering status
    UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server
    UP

  2. After the web pages are fetched, the web-filtering statistics increase:
    root@host> show security utm web-filtering statistics
      UTM web-filtering statistics:
        Total requests:                  5
        white list hit:                  0
        Black list hit:                  0
        Queries to server:               5
        Server reply permit:             5
        Server reply block:              0
        Custom category permit:          0
        Custom category block:           0
        Site reputation permit:          0
        Site reputation block:           0
        Cache hit permit:                0
        Cache hit block:                 0
        Safe-search redirect:            0
        Web-filtering sessions in total: 8000
        Web-filtering sessions in use:   0
        Fallback:               log-and-permit          block
              Default                        0              0
              Timeout                        0              0
         Connectivity                        0              0
    Too-many-requests                        0              0
    

  3. When logging is enabled, the following messages are seen in the logs:

     

    Dec 16 10:34:13 host utmd[1258]: WEBFILTER_SERVER_CONNECTED: Successfully connected to webfilter server cluster-k.cloud.threatseeker.com
    Dec 16 10:34:13 host utmd[1258]: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.40.4(52248)->66.211.181.181(80) CATEGORY="N/A" REASON="by other category" PROFILE="my_ewfprofile01" URL=www.ebay.com OBJ=/
    Dec 16 10:34:13 host utmd[1258]: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.40.4(52249)->66.211.181.29(80) CATEGORY="N/A" REASON="by other category" PROFILE="my_ewfprofile01" URL=hp.mobileweb.ebay.com OBJ=/home
    Dec 16 10:34:14 host utmd[1258]: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.40.4(52251)->128.241.217.187(80) CATEGORY="N/A" REASON="by other category" PROFILE="my_ewfprofile01" URL=thumbs2.ebaystatic.com OBJ=/pict/3006382983738080_2.jpg
    Dec 16 10:34:14 host utmd[1258]: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.40.4(52252)->128.241.217.187(80) CATEGORY="N/A" REASON="by other category" PROFILE="my_ewfprofile01" URL=thumbs1.ebaystatic.com OBJ=/pict/2509547309448080_1.jpg
    Dec 16 10:34:14 host utmd[1258]: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.40.4(52250)->8.254.8.126(80) CATEGORY="N/A" REASON="by other category" PROFILE="my_ewfprofile01" URL=i.ebayimg.com OBJ=/00/$(kgrhqj,!l4e64bnsg1sbo6q9lgg-w~~_14.jpg


Technical Documentation:

UTM Web Filtering Feature Guide for Security Devices - See 'Enhanced Web Filtering' links

Troubleshooting:

Refer to a checklist of common errors here:
KB25680 - UTM (Unified Threat Management) Troubleshooting Checklist

Also, the following traceoptions are used for advanced troubleshooting:
 
set security utm traceoptions flag all
set security utm feature-profile web-filtering traceoptions flag all
Note: The 'security utm traceoptions' are logged in the /var/log/utmd file, and the 'security utm web-filtering traceoptions' are logged in the /var/log/utmd-wf file.
           

 
Modification History:
2018-01-31: Add server configuration information
2019-05-02: Updated to refer to legacy policies