[Prev][Next][Report an Error]

J-Web Configuration

To configure content filtering using the J-Web configuration editor, you must first create your custom objects (Protocol Command List, Filename Extension List, MIME Pattern List).

Configure a Protocol Command Custom Object as follows :

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the Protocol command List tab, click Add to create command lists. (To edit an existing item, select it and click Edit.)
  3. Next to Protocol Command Name, enter a unique name for the protocol list you are creating. (This name appears in the Permit command and Block command lists when you configure a content filter profile.)
  4. Next to Protocol Command Value, enter the command for the protocol in question.
  5. Click Add to add your protocol command to the Values list box.

    Within this box, you can also select an item and click Delete to remove it. Continue to add protocol commands in this manner.

  6. Click OK to save the selected values as part of the protocol command list you have created.
  7. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Configure a Filename Extension List Custom Object as follows :

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the Filename Extension List tab, click Add to create extension lists.
  3. Next to File Extension Name, enter a unique name for the list you are creating. (This name appears in the Block extension list when you configure a content filter profile.)
  4. In the Available Values box, select one or more default values (press Shift to select multiple concurrent items or press Ctrl to select multiple separate items) and click the —> right arrow button to move the value or values to the Selected Values box.
  5. Click OK to save the selected values as part of the extension list you have created.
  6. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Configure a MIME Pattern List Custom Object as follows :

  1. Select Configure>Security>UTM>Custom Objects.
  2. From the MIME Pattern List tab, click Add to create MIME pattern lists.
  3. In the Add MIME Pattern pop-up window, next to MIME Pattern Name, enter a unique name for the list you are creating.

    Keep in mind that you are creating a MIME block list and a MIME block exception list (if necessary). Both MIME lists appear in the Block MIME list and the Block MIME exception list fields when you configure content filtering. Therefore, the MIME list names you create should be as descriptive as possible.

  4. Next to MIME Pattern Value, enter the MIME pattern.
  5. Click Add to add your MIME pattern to the Values list box.

    Within this box, you can also select an entry and use the Delete button to delete it from the list. Continue to add MIME patterns in this manner.

  6. Optionally, create a new MIME list to act as an exception list.

    The exception list is generally a subset of the main MIME list.

  7. Click OK to save the selected values as part of the MIME list you have created.
  8. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Now that your custom objects have been created, you can configure the content-filtering feature profile.

  1. Select Configure>Security>UTM>Content Filtering.
  2. Click Add to create a profile for content filtering. (To edit an existing item, select it and click Edit.)
  3. Next to Profile name, enter a unique name in the box.
  4. Next to Permit command list, select the protocol command custom object you created for permitting commands from the list.

    The permit protocol command list is intended to act as an exception list for the block protocol command list.

    Note: Protocol command lists, both permit and block, are created using the same custom object.

  5. Next to Block command list, select the protocol command custom object you created for blocking commands from the list.
  6. Next to Block extension list, select the file extension list custom object you created for blocking extensions from the list.
  7. Next to Block MIME list, select the MIME pattern list custom object you created for blocking MIME patterns from the list.
  8. In the Block content type section, select content types in the Available content types box on the left and click the right arrow button —> to move items to the Selected content types box. (Press Shift to select multiple concurrent items or press Ctrl to select multiple separate items.)

    Note: Block content type applies blocks to other available content such exe, http cookie, Java applet, and so on. The list of content types available from the Block content type box are supported only for HTTP blocking.

  9. Select the Notifications Options tab.
  10. Next to Notification type, select Protocol or Message.
  11. Next to Notify mail sender, select Yes or No.
  12. If you selected Yes, in the Custom notification message box, enter text for your custom message for this notification in the box (if you are using a custom message).
  13. Click OK.
  14. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

    Note: You create a separate content filtering profile for each supported content filtering protocol. When you are creating your UTM policy for content filtering , the UTM policy configuration page provides separate content filtering profile selection fields for each supported protocol.

Next, configure a UTM policy for content filtering to which you attach the content filtering profile you have configured.

  1. Select Configure>Security>Policy>UTM Policies.
  2. From the UTM policy configuration window, click Add to configure a UTM policy.

    The policy configuration pop-up window appears.

  3. In the Main tab, next to the Policy Name box, enter a unique name for the UTM policy you are creating.
  4. In the Session per client limit box, enter a session per client limit from 0 to 20000 for this UTM policy.
  5. In Session per client over limit, select one of the following: Log and permit or Block.

    This is the action the device takes when the session per client limit for this UTM policy is exceeded.

  6. Select the Content filtering profiles tab in the pop-up window.
  7. Select the appropriate profile you have configured from the list for the corresponding protocol listed.
  8. Click OK.
  9. If the policy is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.

Next, attach the UTM policy to a security policy that you create.

  1. Select Configure>Security>Policy>FW Policies.
  2. From the Security Policy window, click Add to configure a security policy with UTM.

    The policy configuration pop-up window appears.

  3. In the Policy tab, enter a name in the Policy Name box.
  4. Next to From Zone, select a zone from the list.
  5. Next to To Zone, select a zone from the list.
  6. Choose a Source Address.
  7. Choose a Destination Address.
  8. Choose an Application. Do this by selecting junos-<protocol> (for all protocols that support content filtering) in the Application Sets box and clicking the —> button to move them to the Matched box.
  9. Next to Default Policy Action, select one of the following: Deny-All or Permit-All.
  10. Next to Policy Action, select one of the following: Permit, Deny, or Reject.

    Note: When you select Permit for Policy Action, several additional fields become available in the Applications Services tab, including UTM Policy.

  11. Select the Application Services tab in the pop-up window.
  12. Next to UTM Policy, select the appropriate policy from the list.

    This attaches your UTM policy to the security policy.

    Note: There are several fields on this page that are not described in this section. See the Security Policies section for detailed information on configuring security policies and all the available fields.

  13. Click OK to save your policy.
  14. If the policy is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.

    You must activate your new policy to apply it.


[Prev][Next][Report an Error]