Knowledge Search


×
 

[SRX] Configuration Example - Configuring Enhanced Web Filtering via J-Web

  [KB26911] Show Article Properties


Summary:

This article provides a step-by-step example of how to configure Enhanced Web Filtering via J-Web.

For more information about Enhanced Web Filtering, see the UTM Web Filtering Feature Guide for Security Devices.

For a configuration example by using the CLI, see Example: Configuring Enhanced Web Filtering.

 

Solution:

Example: Step-by-step procedure for configuring Enhanced Web Filtering on J-Web

 

  • Prerequisites

  • Verifying license installation

  • Configuring Global WF Options

  • Creating a Profile

  • Creating a UTM Policy

  • Attaching a UTM Policy to Security Policy

  • Verification

 

Prerequisites

 

  • The Enhanced Web Filtering license must be on the SRX device. The license name is wf_key_websense_ewf.

  • If running a chassis cluster, both nodes should have their own Enhanced Web Filtering license.

  • Enhanced Web Filtering is supported on Junos OS 11.4 onwards.

 

Verify that the Enhanced Web Filtering License is Installed.

 
  1. Go to Maintain > Licenses.

  2. Look for Wf_Key _websense_ewf in the list of licenses.

  3. If the license is not listed, click Update. The license will be updated from Juniper’s License server. Note: You must have a DNS server configured for auto-update to work.

  4. The license appears in a few moments.

 

Configure Global WF Options (Enhanced Web Filtering Feature Profile).

 
  1. Go to Configure > Security > UTM > Web Filtering.

  2. Click Global options.

  3. Click the Juniper enhanced tab.

  4. For Cache timeout, enter the timeout (in minutes) for the expiration of cache entries (for example, 1800).

  5. For Cache Size, enter the maximum number of kilobytes (KB) for the cache (for example, 500).

  6. For Server Host, enter the Websense server name or IP address (the default server name is rp.cloud.threatseeker.com).

  7. For Server Port, enter the port number used to communicate with the Websense server (the default port is 80).

  8. Click OK; a status pop-up window appears. If the configuration changes are successfully saved, the pop-up window automatically closes. If the changes are not saved successfully, click Details for more information.

    Note: Although various server FQDN and Port numbers can be configured, for the default licensed EWF feature to work, the default server and port values stated above must be used.

 

Create a Profile Name & Select a Category from the Included Whitelist & Blacklist Categories.

 
  1. Go to Configure > Security > UTM > Web Filtering.

  2. Click Add.

  3. For Profile name, enter a custom profile (in this example, it is my_ewfprofile01).

  4. From the URL category action list, select the category and the action associated with the category. Click Add to add more categories and associated actions. For example, click the Categories scroll button, select Enhanced_Adult_Material, click the Actions scroll button, and then select Block. This step is optional.

  5. Go to Site Reputation Action and click Log and permit for all or required actions.

  6. Go to Main. For the Default action, select Log and permit.

  7. Click OK.

 

Create a UTM Policy for Enhanced Web Filtering.

 
  1. Go to Configure > Security > Policy > UTM Policies.

  2. Click Add to configure a UTM policy; the Add Policy window appears.

  3. Click the Main tab.

  4. In the Policy Name text field, enter a unique name for the UTM policy (for example, mypolicy).

  5. In the Session per client limit text field, enter a session per client limit from 0 to 20000 for this UTM policy (for example, 200).

  6. For the Session per client over limit, select one of the following: Log and Permit or Block. This is the action that the device takes when the session per client limit for this UTM policy is exceeded.

  7. Click the Web filtering profiles tab.

  8. Next to HTTP profile, select my_ewfprofile01.

  9. Click OK

 

Attach the UTM Policy to a Security Policy.

 
  1. Go to Configure > Security > Policy > Apply Policy.

  2. Click Add; the Add Policy window appears.

  3. Click the Policy tab.

  4. In the Policy Name text field, enter the name of the policy (for example, web-filter).

  5. Next to From Zone, select a zone from the list (for example, trust).

  6. Next to To Zone, select a zone from the list (for example, untrust).

  7. Select a source address (for example, any).

  8. Select a destination address (for example, any).

  9. Click the Application Services tab.

  10. Next to UTM Policy, select the UTM policy that will be attached to the security policy (in this example, mypolicy).

  11. Click OK.

  12. Click the Commit button (under the Action tab).

 

Verification

 
  1. Go to Monitor > Security > UTM > Web Filtering to review Web Filtering related statistics. In this view, category-wise hits can be seen. It also displays the fallback category. This view displays counters for node0 and node1.

  2. Go to Monitor > Reports > Threats to review general Web Filtering statistics. This is a high-level view for overall hits under different UTM categories.

  3. Go to Activities to view details about blocked URLs. Under this section, recent blocked URLs with the respective source and destination IP addresses and timestamps can be seen.

 

Modification History:

2018-08-31: Added a note about the port number that works with the threatseeker server in the Solution section

 

Related Links: