Configuring Web Filtering (NSM Procedure)

This section includes the following topics:

Configuring a URL Pattern List Custom Object

To configure a URL pattern list custom object:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure URL pattern list custom objects.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
  4. Select Url Pattern and click New.
  5. Enter a unique name for the list.
  6. Select Value and add a new entry.
  7. In Value, enter the URLs or IP addresses that you want to be added to the list for bypassing scanning.

    Note: For URL pattern wildcard support, the wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use an asterisk (*) if it is at the beginning of the URL and is followed by a dot (.). You can only use a question mark (?) at the end of the URL.

    The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.

  8. Click OK to save the changes.

Configuring a Custom URL Category List Custom Object

To configure a custom URL category list custom object:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure whitelist and blacklist custom objects.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
  4. Select Custom Url Category and click New.
  5. Enter a unique name for the list.
  6. Select Value and add a new entry.
  7. Enter the name of the URL pattern list you created for bypassing scanning.
  8. Click OK to save the changes.

Configuring a Web Filtering Feature Profile

To configure a Web filtering feature profile:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure a Web filtering feature profile.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Web Filtering.
  4. Add or modify Web filtering feature profile settings as specified in Table 230.
  5. Click one:
    • New—Adds a new profile.
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 230: Web Filtering Feature Profile Settings

Option

Function

Your Action

Url Whitelist

Specifies the URL whitelist.

Enter the name of the custom URL list you created. This is the first filtering category that both integrated and redirect Web filtering use. If there is no match, the URL is sent to the SurfControl server.

Url Blacklist

Specifies the URL blacklist.

Enter the name of the custom URL list you created. This is the first filtering category that both integrated and redirect Web filtering use. If there is no match, the URL is sent to the SurfControl server.

Type

Specifies the type of Web filtering.

Select surf-control-integrated from the list.

Surf Control Integrated > Cache

Enable Feature

Enables cache options.

Select this option to enable cache options.

Timeout

Specifies the timeout limit for cache entries.

Enter a timeout limit in minutes for expiring cache entries. (The default is 24 hours and the maximum allowed life span.)

Size

Specifies the size limit for the cache.

Enter a size limit for the cache in kilobytes. (The default is 500 KB.)

Surf Control Integrated > Server

Enable Feature

Enables server options.

Select this option to enable server options.

Host

Specifies the Surf Control server address.

Enter the Surf Control server name or IP address.

Port

Specifies the port number for communicating with the Surf Control server.

Enter the port number for communicating with the Surf Control server. (Default ports are 80, 8080, and 8081.)

Surf Control Integrated > Profile

Name

Specifies a name for the Web-filtering profile.

Enter a unique name for this profile.

Default

Specifies the default action for this profile for requests that experience errors.

Select log-and-permit, permit, or block from the list.

Custom Block Message

Specifies the custom message.

Enter a custom message to be sent when HTTP requests are blocked.

Timeout

Specifies the timeout limit.

Enter a value in seconds. Once this limit is reached, fail mode settings are applied. The default setting is 10 seconds.

Surf Control Integrated > Profile > Fallback Settings

Enable Feature

Enables fallback options.

Select this option to enable fallback options.

The available fallback options are as follows:

  • Default
  • Server Connectivity
  • Timeout
  • Too Many Requests

Specifies the fallback options.

Select log-and-permitor block from the list.

Surf Control Integrated > Profile > Category

Name

Specifies the name of the category.

Enter the name of the custom URL category list custom object you created.

Action

Specifies the action to be taken.

Select log-and-permit, permit, or block from the list.

Configuring a UTM Policy for Web Filtering

To configure a UTM policy for Web filtering:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device that you want to configure.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Utm Policy.
  4. Click New to add a new UTM policy entry.
  5. Enter a unique name for the UTM policy.
  6. Select Web Filtering and enter the name of Web filtering profile you created earlier in Http Profile.
  7. In the Http profile box, enter the name of the profile you created earlier.
  8. Click OK to save the changes.

Once you have configured a UTM policy for Web filtering, attach the UTM policy to a security policy that you create.

Related Documentation