Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] URL Filtering Configuration Using WebSense



Article ID: KB4197 KB Last Updated: 19 Jun 2019Version: 10.0
This article provides information about the URL Filtering Configuration that uses WebSense.
Information about the URL Filtering Configuration that uses WebSense.

ScreenOS firewalls support URL filtering by using the WebSense Websecurity, which enables you to block or permit access to different sites; based on their URLs, domain names, and IP addresses. With the WebSense API built directly into the ScreenOS firewall, the ScreenOS device creates a direct link to a WebSense URL-blocking server. By using the WebSense manager, the ScreenOS administrator can perform the following tasks:

  • Alter the URL-blocking database to block or allow access to any sites they choose.
  • Schedule different URL filtering profiles for different times of the day.
  • Download WebSense Reporter logs of blocked or viewed URLs.
Note: For additional information about WebSense licensing requirements on the Juniper firewall, refer to KB4947 - License Requirement for using URL Filtering.

To configure URL filtering using WebSense, perform the following steps:

  1. Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI .
  2. From the ScreenOS options menu, click Security > Web Filtering, and then click Protocol.
  3. From Protocol, click to select Redirect (WebSense) and then click Apply button.
  4. In the Enable Web Filtering text box, click to enable the web filtering. Select the Source Interface and enter the Server host name or IP address.
  5. In the WebSense Server Port text box, enter a WebSense Server Port number.
    Note: The default port for WebSense is 15868. If you have changed the default port on the WebSense server, you must also change it on the NetScreen device.
  6. In the Communication Timeout text box, enter a Communication Timeout value.
  7. From If connectivity to the WebSense server is lost, click to select Permit.
    Note: If the Juniper firewall device loses contact with the WebSense server, you can specify whether to Block or Permit all HTTP requests.
  8. From Blocked URL Message Type, click to choose the source of the message received by the user.

    Note: If you select NetPartners WebSense, the WebSense server sends the message. When you select Juniper Networks, the Juniper device sends the message. If you select Juniper networks, some of the functionality that WebSense provides is suppressed, such as redirection.
  9. In the Juniper networks Blocked URL Message text box, enter a Blocked URL Message.
    Note: This is the message the NetScreen device returns to the user after blocking a site. You can use the message sent from the WebSense server, or create a message (up to 500 characters) to be sent from the NetScreen device.

  10. Click Apply.
    Note: In ScreenOS 5.0 and above, URL filtering using WebSense is controlled on a per-policy basis and the following additional steps are required.
  11. From the NetScreen options menu, click Policies.
  12. Click to Edit one of your policies.
    Image of step twelve
  13. Click Web Filtering.
  14. Click OK.
  15. Verify if the HTTP ALG is enabled:
Modification History:
2019-06-15: Modified with the new GUI screenshots and updated the article.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search