[SRX] What is the maximum URL pattern limit that can be configured on SRX platforms?

Article ID: KB33855 KB Last Updated: 20 Mar 2019 Version: 1.0
Summary:

The maximum url-pattern limit on SRX is 1,000. This is by design and cannot be increased.

Symptoms:

More than 2,000 URL patterns were configured on an SRX1500, and web-filtering requests were falling back to permit due to “Timeout”:

# run show security utm web-filtering statistics
UTM web-filtering statistics:
Total requests:                     3301067
white list hit:                     0
Black list hit:                     0
No license permit:                  0
Queries to server:                  0
Server reply permit:                0
Server reply block:                 0
Server reply quarantine:            0
Server reply quarantine block:      0
Server reply quarantine permit:     0
Custom category permit:             0
Custom category block:              0
Custom category quarantine:         0
Custom category qurantine block:    0
Custom category quarantine permit:  0
Site reputation permit:             0
Site reputation block:              0
Site reputation quarantine:         0
Site reputation quarantine block:   0
Site reputation quarantine permit:  0
Site reputation by Category         0
Site reputation by Global           0
Cache hit permit:                   0
Cache hit block:                    0
Cache hit quarantine:               0
Cache hit quarantine block:         0
Cache hit quarantine permit:        0
Safe-search redirect:               0
SNI pre-check queries to server:    0
SNI pre-check server responses:     0
Web-filtering sessions in total:    512000
Web-filtering sessions in use:      259
Fallback:                       log-and-permit           block
Default                                 0               0
Timeout                           2224294               0 
Connectivity                            0               0
Too-many-requests                       0               0
 

After the number of URL patterns was lowered to half of the original amount, URL pattern matching worked as expected. The following shows 'max_url_pattern' on the SRX1500 (no other platforms have these system parameters).

% sysctl -a | grep utm
hw.product.pvi.config.utmd.max_utm_policy: 500
hw.product.pvi.config.utmd.max_wf_profile: 500
hw.product.pvi.config.utmd.max_av_profile: 500
hw.product.pvi.config.utmd.max_cf_profile: 500
hw.product.pvi.config.utmd.max_as_profile: 500
hw.product.pvi.config.utmd.max_mime_pattern: 500
hw.product.pvi.config.utmd.max_file_ext_list: 500
hw.product.pvi.config.utmd.max_url_pattern: 1000  
hw.product.pvi.config.utmd.max_cust_cat: 1000
 

Is this the limitation of the URL number? Is there a way to increase this number to 2,000 or higher?

Solution:

The maximum of 1000 applies to TVP and vSRX platforms; non-TVP platforms get 50. This is the current designed behavior, and the maximum cannot be increased.

For details on url-pattern configuration, refer to the documentation on url-pattern.

Note: PR1206968 changed the following system settings:

  • The SRX TVP platform supports 500 UTM policies/profiles/mime-patterns/filename-exts/command-lists and 1000 url-patterns/custom-categories; other platforms are left unchanged.
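
The Symptoms output shows why this limit matters operationally: with the fallback action at log-and-permit, requests that hit "Timeout" are permitted without being filtered. The following Python sketch is an added example, not Juniper code; it parses saved `show security utm web-filtering statistics` output and reports the share of total requests each fallback reason permitted. The function names, the 1% threshold and the trimmed sample text are assumptions made for this example.

```python
import re

# Constructed sample: a trimmed excerpt of the statistics output shown under Symptoms.
SAMPLE = """\
UTM web-filtering statistics:
Total requests:                     3301067
Custom category permit:             0
Custom category block:              0
Web-filtering sessions in use:      259
Fallback:                       log-and-permit           block
Default                                 0               0
Timeout                           2224294               0
Connectivity                            0               0
Too-many-requests                       0               0
"""

def parse_stats(text):
    """Return (counters, fallback) parsed from the CLI output."""
    counters, fallback, in_fallback = {}, {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Fallback:"):
            in_fallback = True  # rows after this header carry two columns
            continue
        if in_fallback:
            m = re.fullmatch(r"(\S+)\s+(\d+)\s+(\d+)", line)
            if m:
                fallback[m.group(1)] = {"log-and-permit": int(m.group(2)), "block": int(m.group(3))}
        else:
            m = re.fullmatch(r"(.+?):\s+(\d+)", line)
            if m:
                counters[m.group(1)] = int(m.group(2))
    return counters, fallback

def fail_open_report(text, threshold=0.01):
    """Map each fallback reason to its log-and-permit share of total requests, if above threshold."""
    counters, fallback = parse_stats(text)
    total = counters.get("Total requests", 0)
    report = {}
    for reason, cols in fallback.items():
        share = cols["log-and-permit"] / total if total else 0.0
        if share > threshold:  # threshold is an assumed alerting value
            report[reason] = round(share, 4)
    return report

if __name__ == "__main__":
    print(fail_open_report(SAMPLE))
```

On the sample above, only the Timeout row is reported, at roughly two thirds of all requests.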
