Example: Configuring Content Filtering Feature Profiles

This example describes how to configure the content filtering feature profiles.

Requirements

Before you begin:

  1. Decide on the type of content filter you require. See Content Filtering Overview.
  2. Create custom objects. See Content Filtering Configuration Overview.

Overview

In this example, you configure a feature profile called confilter1 and specify the following custom objects to be used for filtering content:

  1. Apply the ftpprotocom1 protocol command list custom object to confilter1.
  2. Apply blocks to Java applets, executable files, and HTTP cookies.
  3. Apply the extension list extlist2 custom object to confilter1 for blocking extensions.
  4. Apply the MIME pattern list custom objects cfmime1 and ex-cfmime1 to confilter1 for blocking MIME types.
  5. Apply the protocol permit command custom object ftpprotocom2 to confilter1. (The permit protocol command list acts as an exception list for the block protocol command list.)

    Note: Protocol command lists, both permit and block, are created by using the same custom object.

  6. Configure a custom message to send a notification.

Configuration

CLI Quick Configuration

To quickly configure the content filtering feature profile, copy the following commands and paste them into the CLI.

[edit]
set security utm feature-profile content-filtering profile confilter1
set security utm feature-profile content-filtering profile confilter1 block-command ftpprotocom1
set security utm feature-profile content-filtering profile confilter1 block-content-type java-applet exe http-cookie
set security utm feature-profile content-filtering profile confilter1 block-extension extlist2
set security utm feature-profile content-filtering profile confilter1 block-mime list cfmime1 exception ex-cfmime1
set security utm feature-profile content-filtering profile confilter1 permit-command ftpprotocom2
set security utm feature-profile content-filtering profile confilter1 notification-options custom-message "the action is not taken" notify-mail-sender type message

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure a content filtering feature profile:

  1. Create a content filtering profile.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1
  2. Apply a protocol command list custom object to the profile.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1 block-command ftpprotocom1
  3. Apply blocks to available content.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1 block-content-type java-applet exe http-cookie
  4. Apply an extension list custom object to the profile.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1 block-extension extlist2
  5. Apply pattern list custom objects to the profile.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1 block-mime list cfmime1 exception ex-cfmime1
  6. Apply the protocol permit command custom object to the profile.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1 permit-command ftpprotocom2
  7. Configure the notification options.
    [edit security utm]
    user@host# set feature-profile content-filtering profile confilter1 notification-options custom-message "the action is not taken" notify-mail-sender type message

Results

From configuration mode, confirm your configuration by entering the show security utm command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]
user@host# show security utm
feature-profile {
    content-filtering {
        profile contentfilter1;
        profile confilter1 {
            permit-command ftpprotocom2;
            block-command ftpprotocom1;
            block-extension extlist2;
            block-mime {
                list cfmime1;
                exception ex-cfmime1;
            }
            block-content-type {
                java-applet;
                exe;
                http-cookie;
            }
            notification-options {
                type message;
                notify-mail-sender;
                custom-message " the action is not taken";
            }
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

Verifying the Configuration of Content Filtering Feature Profile

Purpose

Verify the content filtering feature profile.

Action

From operational mode, enter the show configuration security utm command.
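
The following Python check is an added example, not part of the original page or of Junos OS. It parses brace-style output of the show command above, flags content filtering profiles that carry no statements (for instance, one created by a mistyped profile name), and lists any statements from this example that are missing from confilter1. The sample text is constructed from the Results output on this page; the names parse, audit, and EXPECTED are hypothetical.

```python
import re

# Constructed sample: the hierarchy shown under Results on this page.
SAMPLE = """feature-profile { content-filtering {
    profile contentfilter1;
    profile confilter1 {
        permit-command ftpprotocom2; block-command ftpprotocom1;
        block-extension extlist2;
        block-mime { list cfmime1; exception ex-cfmime1; }
        block-content-type { java-applet; exe; http-cookie; }
        notification-options { type message; notify-mail-sender;
            custom-message " the action is not taken"; }
    }
} }"""

# Statements this page's example sets on confilter1 (message text is not checked).
EXPECTED = {"permit-command ftpprotocom2", "block-command ftpprotocom1",
            "block-extension extlist2", "block-mime/list cfmime1",
            "block-mime/exception ex-cfmime1", "block-content-type/java-applet",
            "block-content-type/exe", "block-content-type/http-cookie",
            "notification-options/type message",
            "notification-options/notify-mail-sender"}

def parse(text):
    """Return every statement in brace-style config as a 'parent/child' path."""
    paths, stack, words = set(), [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text):
        if tok in ("{", ";"):
            name, words = " ".join(words), []
            if tok == "{":
                stack.append(name)                    # enter a container
            else:
                paths.add("/".join(stack + [name]))   # leaf statement
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    if stack:
        raise ValueError("unclosed '{': output looks truncated")
    return paths

def audit(text, profile="confilter1"):
    """List empty profiles and EXPECTED statements missing from `profile`."""
    base = "feature-profile/content-filtering/profile "
    paths = parse(text)
    found = ["empty profile: " + p[len(base):] for p in sorted(paths)
             if p.startswith(base) and "/" not in p[len(base):]]
    have = {p[len(base + profile) + 1:] for p in paths
            if p.startswith(base + profile + "/")}
    return found + ["missing: " + s for s in sorted(EXPECTED - have)]
```

Run against the sample, audit(SAMPLE) reports the statement-less contentfilter1 profile that appears in the Results output alongside confilter1.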

Related Topics

Junos OS Feature Support Reference for SRX Series and J Series Devices