Example: Configuring Integrated Web Filtering (NSM Procedure)
With integrated Web filtering, you can permit or block access to a requested website by binding a Web Filtering profile to a firewall rule. A Web Filtering profile contains Web Categories and the action the security device takes (permit or block) when it receives a request to access a URL.
A Web category is a list of URLs organized by content. SurfControl Content Portal Authority (CPA) servers maintain a large database of all types of Web content classified into 40 categories. For a list of SurfControl Web Categories, see “Appendix C, SurfControl Web categories,” in the Network and Security Manager Administration Guide.
SurfControl has three server locations that each serve a specific geographic area: the Americas, Asia Pacific, and Europe/Middle East/Africa. The default primary server is the Americas; the default backup server is Asia Pacific.
URLs and categories created and maintained by SurfControl appear in the NSM UI as predefined, and cannot be edited. You can also create custom URLs, and then use those URLs within a custom Web Filtering Profile.
In this example, you select SurfControl CPA (Integrated) as your Web Filtering profile.
To configure integrated Web filtering:
In the NSM navigation tree, select Device Manager > Devices, and then double-click the device for which you want to configure Web Filtering. The device configuration appears.
In the device navigation tree, select Security > Web Filtering, and then click the SurfControl CPA (Integrated) tab.
Select CPA Server Enable, and then configure the following SurfControl Settings:
For Server, select America.
For Primary Host, enter usi.SurfCA.com.
For Primary Port, enter 9020.
For Fail Mode select block.
Select Enable Cache, and then configure the following cache settings:
For Cache Timeout (hours), enter 24.
For Cache Size (K bytes), enter 500.
For Query Interval (weeks), enter 2.
Select Enable Group-based URL Filtering, and then configure the following group-based URL filtering options:
For User Group select juniper.
For Priority select 1.
For Bound Profile select ns-profile (predefined).
Click OK to save your settings and close the device configuration.