Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configure the SRX Series Integration

    To configure the integration of an SRX series appliance with WebApp Secure, you must enable the External Counter Response Service, found within the configuration of the WebApp Secure web interface. Navigate to Configuration > Services > External Response Server (SRX Integration) and configure the fields described in the table below.

    Note: After you enter the information, click the Test SRX Connection Settings link to make sure the system can be reached.

    The External Counter Response Service allows the SRX series to send filter requests to the Appliance, and can be found under the Global section of the WebApp Secure configuration. It is an Advanced configuration set, so you will need to show the advanced configuration entries to see the External Counter Response Service configuration category.

    Warning: The configuration category will validate if there is an IP address or hostname in the corresponding configuration entry, and a filter name along with a term name, but this does not mean the service is properly working. Always test the counter response after changing the configuration entries, explained in the next section.

    Be sure to examine the configuration entries available for this service, and fill out all necessary fields, outlined in the following table.

    Table 1: External Counter Response Service Configuration Parameters

    Parameter

    Type

    Default Value

    Description

    External Counter Responses Enabled

    Boolean

    False

    Whether or not to enable this service.

    Network Address

    IP (or DNS name)

    [Not Set]

    Required. Either the IP address or the DNS name of the device.

    SRX series Password

    String

    [Not Set]

    The password to log into the SRX series.

    SRX series Username

    String

    [Not Set]

    The username to log into the SRX series.

    Filter Name

    String

    [Not Set]

    Provide a filter name that WebApp Secure will use.

    Term Name

    String

    [Not Set]

    The term in the configured filter that WebApp Secure should add the IPs to. It should not be currently in-use by any other service, and should only be used for WebApp Secure.

    Action(s) to Apply)

    Collection (Strings)

    [collection:1]

    Choose the actions for the SRX series to take on IPs sent to it by WebApp Secure. When no IPs are blocked on the SRX series through WebApp Secure, these terms will be changed to Evaluate Next Term, which will continue to the next term in the filter. By default, this is set to a collection of 1, consisting of only discard.

    Warning: When configuring multiple actions to take, be careful not to populate the collection with conflicting actions. An example of two conflicting actions are reject and accept (You cannot reject a connection and then accept a connection!.). WebApp Secure has no protection for conflicting actions. The system will overwrite older actions with newer ones (further down the collection). An example of non-conflicting actions are log and discard. In this case, the packets will be logged, and then discarded. For more information on actions to take, consult the SRX series documentation.

    Note: If the External Counter Response Service is disabled or otherwise configured incorrectly, blocking a profile through the External Block response will not work, but will still be shown in the User Interface as a valid Counter Response.

    Published: 2015-02-04