Example: Configuring Content Filtering Custom Objects

This example shows how to configure content filtering custom objects.

Requirements

Before you begin:

  1. Decide on the type of content filter you require. See Content Filtering Overview.
  2. Understand the order in which content filtering parameters are configured. See Content Filtering Configuration Overview.

Overview

In this example, you define custom objects that are used to create content filtering profiles. You perform the following tasks to define custom objects:

  1. Create two protocol command lists called ftpprotocom1 and ftpprotocom2, and add user, pass, port, and type commands to it.
  2. Create a filename extension list called extlist2, and add the .zip, .js, and .vbs extensions to it.
  3. Define block-mime list call cfmime1 and add patterns to the list.

Configuration

CLI Quick Configuration

To quickly configure content filtering custom objects, copy the following commands and paste them into the CLI.

[edit]set security utm custom-objects protocol-command ftpprotocom1 value [user pass port type]set security utm custom-objects protocol-command ftpprotocom2 value [user pass port type]set security utm custom-objects filename-extension extlist2 value [zip js vbs] set security utm custom-objects mime-pattern cfmime1 value [video/quicktime image/x-portable-anymap x-world/x-vrml] set security utm custom-objects mime-pattern ex-cfmime1 value [video/quicktime-inappropriate]

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure content filtering custom objects:

  1. Create two protocol command lists.
    [edit security utm]user@host# set custom-objects protocol-command ftpprotocom1[edit security utm]user@host# set custom-objects protocol-command ftpprotocom2
  2. Add protocol commands to the list.
    [edit security utm]user@host# set custom-objects protocol-command ftpprotocom1 value [user pass port type][edit security utm]user@host# set custom-objects protocol-command ftpprotocom2 value [user pass port type]
  3. Create a filename extension list.
    [edit security utm]user@host# set custom-objects filename-extension extlist2
  4. Add extensions to the list.
    [edit security utm]user@host# set custom-objects filename-extension extlist2 value [zip js vbs]
  5. Create antivirus scanning lists.
    [edit security utm]user@host# set custom-objects mime-pattern cfmime1user@host# set custom-objects mime-pattern ex-cfmime1
  6. Add patterns to the lists.
    [edit security utm]user@host# set custom-objects mime-pattern cfmime1 value [video/quicktime image/x-portable-anymap x-world/x-vrml]user@host# set custom-objects mime-pattern ex-cfmime1 value [video/quicktime-inappropriate]

Results

From configuration mode, confirm your configuration by entering the show security utm command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]userhost#show security utmcustom-objects {mime-pattern {cfmime1 {value [ video/quicktime image/x-portable-anymap x-world/x-vrml ];}ex-cfmime1 {value video/quicktime-inappropriate;}}filename-extension {extlist2 {value [ zip js vbs ];}}protocol-command {ftpprotocom1 {value [ user pass port type ];}}protocol-command {ftpprotocom2 {value [ user pass port type ];}}}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

Verifying Content Filtering Custom Objects

Purpose

Verify the content filtering custom objects.

Action

From operational mode, enter the show configuration security utm command.

Related Topics

Junos OS Feature Support Reference for SRX Series and J Series Devices

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.