Use the Unified Threat Management (UTM) policy page to configure Web filtering profiles.
Web filtering lets you manage Internet usage by preventing access to inappropriate Web content. The following Web filtering solutions are supported:
Note: Integrated Web filtering feature is a separately licensed subscription service.
Note: Redirect Web filtering does not require a license.
Note: Local Web filtering does not require a license or a remote category server.
Once you create a profile, you can assign it to UTM policies. Within the UTM policy, you can apply either the same Web filtering profile or create one inline.
Configuring Web Filtering Profile Settings
To create a Web filtering profile:
Table 152: Web Filtering Profile Settings
Setting | Guideline |
|---|---|
General Information | |
Name | Enter a unique name for the Web filtering profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters. |
Description | Enter a description for the Web filtering profile; maximum length is 255 characters. |
Engine Type | Select the required engine type from the drop-down list:
|
Default Action | Select the default action from the drop-down list. Note: This option is available only for Juniper Enhanced and Surf Control engine types. |
Safe Search | Select a safe search solution to ensure that the embedded objects such as images on the URLs received from the search engines are safe and that no undesirable content is returned to the client. By default, the Safe Search check box is selected Note: This option is available only for the Juniper Enhanced engine type. Save search redirect supports HTTP only. You cannot extract the URL for HTTPS. Therefore, it is not possible to generate a redirect response for HTTPS search URLs. Safe search redirects can be disabled by clearing the Safe Search check box. |
Custom Block Message | Specify a custom message to be sent when HTTP requests are blocked. Note: If a message begins with http: or https:, the message is considered a block message URL. Messages that begin with values other than http: or https: are considered custom block messages. |
Custom Quarantine Message | Custom Quarantine Message Use UTM enhanced Web filtering to support block, log and permit, and permit actions on HTTP/HTTPS requests. Additionally, it supports the quarantine action, which allows or denies access to the blocked site based on the user’s response to the message. The quarantine message contains the following information:
Example: If you set the action for Enhanced_Search_Engines_and_Portals to quarantine, and you try to access www.search.yahoo.com, the quarantine message is as follows: ***The requested webpage is blocked by your organization’s access policy***. |
URL Category Action List | |
A URL category is a list of URL patterns grouped under a single title so a single action that applies to all URL patterns can be performed on the list. The following actions are available:
| |
Fallback Options | |
The fallback options are used when the web filtering system experiences errors and must fallback to one of the previously configured actions to either deny (block) or permit the object.
| |
Global Reputation Actions | |
Uncategorized URL Actions | Select this check box if you want to apply global reputation actions. Enhanced Web filtering intercepts HTTP and HTTPS requests and sends the HTTP URL or the HTTPS source IP to the Websense ThreatSeeker Cloud (TSC). The TSC categorizes the URL into one of the predefined categories and also provides site reputation information for the URL to the device. The device determines if it can permit or block the request based on the information provided by the TSC. The URLs can be processed using their reputation score if there is no category available. Select the action that you wish to take for the uncategorized URLs based on their reputation score:
Note: The Use global reputation check box is selected by default. |