Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configure the SRX Integration

    To configure the integration of an SRX appliance with WebApp Secure, you must enable the External Counter Response Service, found within the configuration of the WebApp Secure web interface. The External Counter Response Service allows the SRX to send filter requests to the Appliance, and can be found under the Global section of the WebApp Secure configuration. It is an Advanced configuration set, so you will need to show the advanced configuration entries to see the External Counter Response Service configuration category.

    Warning: The configuration category will validate if there is an IP address or hostname in the corresponding configuration entry, and a filter name along with a term name, but this does not mean the service is properly working. Always test the counter response after changing the configuration entries, explained in the next section.

    Be sure to examine the configuration entries available for this service, and fill out all necessary fields, outlined in the following table.

    Table 1: External Counter Response Service Configuration Parameters



    Default Value


    External Counter Responses Enabled



    Whether or not to enable this service.

    Network Address

    IP (or DNS name)

    [Not Set]

    Required. Either the IP address or the DNS name of the device.

    SRX Password


    [Not Set]

    The password to log into the SRX.

    SRX Username


    [Not Set]

    The username to log into the SRX.

    Filter Name


    [Not Set]

    Provide a filter name that WebApp Secure will use.

    Term Name


    [Not Set]

    The term in the configured filter that WebApp Secure should add the IPs to. It should not be currently in-use by any other service, and should only be used for WebApp Secure.

    Action(s) to Apply)

    Collection (Strings)


    Choose the actions for the SRX to take on IPs sent to it by WebApp Secure. When no IPs are blocked on the SRX through WebApp Secure, these terms will be changed to Evaluate Next Term, which will continue to the next term in the filter. By default, this is set to a collection of 1, consisting of only discard.

    Warning: When configuring multiple actions to take, be careful not to populate the collection with conflicting actions. An example of two conflicting actions are reject and accept (You cannot reject a connection and then accept a connection!.). WebApp Secure has no protection for conflicting actions. The system will overwrite older actions with newer ones (further down the collection). An example of non-conflicting actions are log and discard. In this case, the packets will be logged, and then discarded. For more information on actions to take, consult the SRX documentation.

    Note: If the External Counter Response Service is disabled or otherwise configured incorrectly, blocking a profile via the External Block response will not work, but will still be shown in the User Interface as a valid Counter Response.

    Published: 2013-11-20