[Prev][Next][Report an Error]

J-Web Configuration

To configure Web filtering using the J-Web Configuration editor, if you are using custom objects, you must first create those custom objects. (URL pattern list, custom URL category list).

Note: Rather than or in addition to custom object lists, you can use included default lists and included white list and black list categories. See the JUNOS Software Security Configuration Guide for profile list information.

Configure a URL Pattern List Custom Object as follows:

Note: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure a custom URL category list.

  1. Select the Configure tab at the top of the page.
  2. Select Security in the left pane to expand it.
  3. Select UTM in the left pane, under Security, to expand the UTM category. Once UTM is expanded, Anti-Virus, Web Filtering, Anti-Spam, Content Filtering, Custom Objects, and Global options become available.
  4. Select Custom Objects in the left pane.
  5. From the URL Pattern List tab in the right pane, click the Add button to create URL pattern lists.
  6. Next to URL Pattern Name, enter a unique name for the list you are creating. This name appears in the Custom URL Category List Custom Object page for selection.
  7. Next to URL Pattern Value, enter the URL or IP address you want added to list for bypassing scanning.

    Note: URL pattern wildcard support— The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use “*” if it is at the beginning of the URL and is followed by a “.”. You can only use “?” at the end of the URL.

    The following wildcard syntax IS supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.

  8. Click the Add button to add your URL pattern to the Values list box. The list can contain up to 8192 items. You can also select an entry and use the Delete button to delete it from the list. Continue to add URLs or IP addresses in this manner.
  9. Click the OK button to save the selected values as part of the URL pattern list you have created.
  10. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details on a pop-up window to discover why.

Configure a custom URL category list custom object as follows:

Note: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure a custom URL category list. URL pattern list custom objects are described in J-Web Configuration.

  1. Select the Configure tab at the top of the page.
  2. Select Security in the left pane to expand it.
  3. Select UTM in the left pane, under Security, to expand the UTM category. Once UTM is expanded, Anti-Virus, Web Filtering, Anti-Spam, Content Filtering, Custom Objects, and Global options become available.
  4. Select Custom Objects in the left pane.
  5. From the URL Category List tab in the right pane, click the Add button to create URL category lists.
  6. Next to URL Category Name, enter a unique name for the list you are creating. This name appears in the URL Whitelist, Blacklist, and Custom Category lists when you configure Web filtering global options.
  7. In the Available Values box, select a URL Pattern List name from the list for bypassing scanning and click the right arrow button to move it to the Selected Values box.
  8. Click the OK button to save the selected values as part of the custom URL list you have created.
  9. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details on a pop-up window to discover why.

Now that your custom objects have been created, you can configure the integrated Web filtering feature profile.

  1. Select the Configure tab at the top of the page.
  2. Select Security in the left pane to expand it.
  3. Select UTM in the left pane, under Security, to expand the UTM category. Once UTM is expanded, Anti-Virus, Web Filtering, Anti-Spam, Content Filtering, Custom Objects, and Global options become available.
  4. Select Global options in the left pane.
  5. In the Web Filtering tab in the right pane, next to URL whitelist, select the Custom URL list you created from the available options. This is the first filtering category that both integrated and redirect Web filtering use. If there is no match, the URL is sent to the SurfControl server.
  6. Next to URL blacklist, select the Custom URL list you created from the list. This is the first filtering category that both integrated and redirect Web filtering use. If there is no match, the URL is sent to the SurfControl server.
  7. In the Filtering Type section, select the type of Web filtering engine you are using. In this case, you would select Surf Control Integrated.
  8. In the SurfControl Integrated options section, next to Cache timeout, enter a timeout limit in minutes for expiring cache entries. (24 hours is the default and the maximum allowed life span.)
  9. Next to Cache Size, enter a size limit, in kilobytes, for the cache. (500 KB is the default.)
  10. Next to Server Host, enter the Surf Control server name or IP address.
  11. Next to Server Port, enter the port number for communicating with the Surf Control server. (Default ports are 80, 8080, and 8081.)
  12. Click the OK button to save these values.
  13. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details on a pop-up window to discover why.
  14. Select Web Filtering, under Security, in the left pane.
  15. Click the Add button in the right window to create a profile for Surf Control Integrated Web filtering. (To edit an existing item, select it and click the Edit button.)
  16. In the Main tab, next to Profile name, enter a unique name for this Web filtering profile.
  17. Select the Profile Type. In this case, select Surf Control.
  18. Next to Default action, select Permit, Log and permit, or Block. This is the default action for this profile for requests that experience errors.
  19. Next to Custom Block Message, enter a custom message to be sent when HTTP requests are blocked.
  20. Next to Timeout, enter a value, in seconds. Once this limit is reached, fail mode settings are applied. The default here is 10 seconds. You can enter a value from 10 to 240 seconds.
  21. Next to Custom block message subject, enter text to appear in the subject line of your custom message for this block notification.
  22. Select the Fallback options tab.
  23. Next to Default, select Log and Permit or Block as the action to occur when a request fails for any reason not specifically called out.
  24. Next to Server Connectivity, select Log and Permit or Block as the action to occur when a request fails for this reason.
  25. Next to Timeout, select Log and Permit or Block as the action to occur when a request fails for this reason.
  26. Next to Too Many Requests, select Log and Permit or Block as the action to occur when a request fails for this reason.
  27. Select the URL category action list tab.
  28. In the custom URL category list section, click the Add button to use a configured custom URL category list custom object in the profile.
  29. Next to Categories, select a configured custom object from the list.
  30. Next to Actions, select Permit, Block, or Log and Permit from the list.
  31. Click the Add button.
  33. Click OK.
  34. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details on a pop-up window to discover why.

Next, you configure a UTM policy for Web filtering to which you attach the content filtering profile you have configured.

  1. Select the Configure tab at the top of the page.
  2. Select Security in the left pane to expand it.
  3. Select Policy in the left pane to expand it.
  4. Select UTM Policies in the left pane.
  5. From the UTM policy configuration window in the right pane, click the Add button at the top of the screen to configure a UTM policy. This takes you to the policy configuration pop-up screen.
  6. Select the Main tab in pop-up screen.
  7. In the Policy Name box, enter a unique name for the UTM policy you are creating.
  8. In the Session per client limit box, enter a session per client limit from 0 to 20000 for this UTM policy.
  9. For Session per client over limit, select one of the following: Log and Permit, Block. This is the action the device takes when the session per client limit for this UTM policy is exceeded.
  10. Select the Web Filtering profiles tab in the pop-up screen.
  11. Next to HTTP profile, select the profile you have configured from the list.
  12. Click OK.
  13. If the policy is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details on a pop-up window to discover why.

Next, you attach the UTM policy to a security policy that you create.

  1. Select the Configure tab at the top of the page.
  2. Select Security in the left pane to expand it.
  3. Select Policy in the left pane to expand it.
  4. Select FW Policies in the left pane.
  5. From the Security Policy window in the right pane, click the Add button at the top of the screen to configure a security policy with UTM. This takes you to the policy configuration pop-up screen.
  6. In the Policy tab, enter a name in the Policy Name box.
  7. Next to From Zone, select a zone from the list.
  8. Next to To Zone, select a zone from the list.
  9. Choose a Source Address.
  10. Choose a Destination Address.
  11. Choose an Application. Do this by selecting junos-<protocol> (for all protocols that support Web filtering, http in this case) in the Application Sets box and clicking the —> button to move them to the Matched box.
  12. Next to Policy Action, select one of the following: Permit, Deny, Reject.

    Note: When you select Permit for Policy Action, several additional fields become available in the Applications Services tab, including UTM Policy.

  13. Select the Application Services tab in the pop-up screen.
  14. Next to UTM Policy, select the appropriate policy from the list. This attaches your UTM policy to the security policy.

    Note: There are several fields on this page that are not described in this section. See the section on Security Policies for detailed information on configuring security policies and all the available fields.

  15. Click OK.
  16. If the policy is saved successfully, you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details on a pop-up window to discover why. You must Activate your policy in order to apply it.
[Prev][Next][Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.