Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Enhanced Web Filtering shows "DOWN" when using virtual-router

0

0

Article ID: KB33006 KB Last Updated: 21 Feb 2020Version: 2.0
Summary:

On SRX devices that are running enhanced web filtering (EWF), the server status may continue to display "DOWN" even after successful configuration of EWF over a custom routing instance.

This article gives the cause for the server status to be down and explains how the issue can be resolved.

 

Symptoms:

EWF is configured and the EWF server is reachable via a custom routing instance. However, the EWF server status shows as being down:

root@SRX> show security utm web-filtering status
UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server DOWN

 

Cause:
  • The EWF feature depends on two factors to reach the EWF server:

    • Resolution of the DNS name of the EWF server

    • Reachability to the resolved IP address

  • By default, the DNS lookup and route lookup for the EWF IP address on the forwarding plane happen in the default routing instance. Therefore, if the DNS server is available ONLY via a non-default routing instance OR if the EWF IP address is reachable via a non-default routing instance, the EWF feature would fail.

 

Solution:

Starting with Junos OS 15.1X49-D90, the routing instance can be configured both for DNS lookup and Enhanced Web-Filter IP address (see routing-instance). This solves two problems:

  • If the DNS is reachable ONLY via a virtual router, you would need to configure:

set security utm dns routing-instance <name of custom routing-instance>
  • If the EWF IP address is NOT reachable, you may need to configure:

set security utm feature-profile web-filtering juniper-enhanced server routing-instance <name of customer routing-instance>

 

Modification History:

2020-02-21: Junos OS release detail corrected in Solution section

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search