Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Configuring Content Filtering Feature Profiles

    This example describes how to configure the content filtering feature profiles.

    Requirements

    Before you begin:

    1. Decide on the type of content filter you require. See Content Filtering Overview.
    2. Create custom objects. See Content Filtering Configuration Overview.

    Overview

    In this example, you configure a feature profile called confilter1 and specify the following custom objects to be used for filtering content:

    1. Apply the ftpprotocom1 protocol command list custom object to confilter1.
    2. Apply blocks to Java applets, executable files, and HTTP cookies.
    3. Apply the extension list extlist2 custom object to confilter1 for blocking extensions.
    4. Apply the MIME pattern list custom objects cfmime1 and ex-cfmime1 to the confilter1 for blocking MIME types.
    5. Apply the protocol permit command custom object ftpprotocom2 to confilter1. (The permit protocol command list acts as an exception list for the block protocol command list.)

      Note: Protocol command lists, both permit and block, are created by using the same custom object.

    6. Configure a custom message to send a notification.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    set security utm feature-profile content-filtering profile confilter1
    set security utm feature-profile content-filtering profile confilter1 block-command ftpprotocom1
    set security utm feature-profile content-filtering profile confilter1 block-content-type java-applet exe http-cookie
    set security utm feature-profile content-filtering profile confilter1 block-extension extlist2
    set security utm feature-profile content-filtering profile confilter1 block-mime list cfmime1 exception ex-cfmime1
    set security utm feature-profile content-filtering profile confilter1 permit-command ftpprotocom2
    set security utm feature-profile content-filtering profile confilter1 notification-options custom-message “the action is not taken” notify-mail-sender type message

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

    To configure a content filtering feature profiles:

    1. Create a content filtering profile.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1
    2. Apply a protocol command list custom object to the profile.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1 block-command ftpprotocom1
    3. Apply blocks to available content.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1 block-content-type java-applet exe http-cookie
    4. Apply an extension list custom object to the profile.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1 block-extension extlist2
    5. Apply pattern list custom objects to the profile.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1 block-mime list cfmime1 exception ex-cfmime1
    6. Apply the protocol permit command custom object to the profile.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1 permit-command ftpprotocom2
    7. Configure the notification options.
      [edit security utm]
      user@host# set feature-profile content-filtering profile confilter1m notification-options custom-message “the action is not taken” notify-mail-sender type message

    Results

    From configuration mode, confirm your configuration by entering the show security utm command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show security utm
    feature-profile {
    content-filtering {
    profile contentfilter1;
    profile confilter1 {
    permit-command ftpprotocom2;
    block-command ftpprotocom1;
    block-extension extlist2;
    block-mime {
    list cfmime1;
    exception ex-cfmime1;
    }
    block-content-type {
    java-applet;
    exe;
    http-cookie;
    }
    notification-options {
    type message;
    notify-mail-sender;
    custom-message " the action is not taken";
    }
    }
    }
    }

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Verifying the Configuration of Content Filtering Feature Profile

    Purpose

    Verify the content filtering feature profile.

    Action

    From operational mode, enter the show configuration security utm command.

    Modified: 2017-11-03