Juniper NextGen Web Filtering Overview
Juniper NextGen Web Filtering (NGWF) acts as a first line of defense by enabling the SRX Series Firewall to permit or deny access to specific URLs based on the reputation and category to which the URLs belong. It intercepts, scans, and acts upon HTTP or HTTPS traffic to prevent inappropriate Web content access. It also provides better visibility into the URL traffic.
Let's learn how NGWF works.

- SRX Series Firewall receives HTTP/HTTPS traffic.
- The NGWF intercepts the HTTP/HTTPS traffic and sends the URL or the destination IP address to the Juniper NGWF cloud. The NGWF cloud hosts the Web filtering service across the globe and delivers the service to users around the world.
- The NGWF cloud categorizes the URL into one of the categories. It also provides the site reputation information.
- The NGWF cloud shares the URL categorization and site reputation information with the SRX Series Firewall. The device caches the result so that subsequent lookups are faster.
- Based on the URL categorization and site reputation information, the SRX Series Firewall permits or blocks the traffic as per the configured policy.
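
The five steps above can be modelled in a few lines of Python. This is an added illustration, not Juniper code and not part of the original page: it shows why the cache matters (a repeat lookup never reaches the cloud) and how the policy turns a category into permit or block. The category names, reputation labels, cache lifetime, host-keyed cache and default action are all assumptions made for the example.

```python
import time
from urllib.parse import urlsplit

# Constructed sample data standing in for the NGWF cloud's answers.
# Category names and reputation labels are hypothetical.
SAMPLE_CLOUD_DB = {
    "news.example.com": ("News", "trusted"),
    "casino.example.net": ("Gambling", "suspicious"),
}

class WebFilterModel:
    """Conceptual model of the lookup flow; not the SRX implementation."""

    def __init__(self, policy, default_action="permit",
                 cache_ttl=300, clock=time.monotonic):
        self.policy = policy                # category -> "permit" | "block"
        self.default_action = default_action
        self.cache_ttl = cache_ttl          # assumed lifetime in seconds
        self.clock = clock
        self.cache = {}                     # host -> (category, reputation, expiry)
        self.cloud_queries = 0

    def _cloud_lookup(self, host):
        # Steps 2-4: stand-in for the query to the cloud service.
        self.cloud_queries += 1
        return SAMPLE_CLOUD_DB.get(host, ("Uncategorized", "unknown"))

    def classify(self, url):
        # Simplification: the cache is keyed on the host part of the URL.
        host = urlsplit(url).hostname or ""
        entry = self.cache.get(host)
        if entry and entry[2] > self.clock():
            return entry[0], entry[1], True     # served from the local cache
        category, reputation = self._cloud_lookup(host)
        expiry = self.clock() + self.cache_ttl
        self.cache[host] = (category, reputation, expiry)
        return category, reputation, False

    def decide(self, url):
        # Step 5: apply the configured policy to the category.
        category, reputation, cached = self.classify(url)
        action = self.policy.get(category, self.default_action)
        return {"category": category, "reputation": reputation,
                "action": action, "cache_hit": cached}

if __name__ == "__main__":
    fw = WebFilterModel({"Gambling": "block"})
    for u in ("https://casino.example.net/slots",
              "https://casino.example.net/poker",
              "http://unlisted.example.org/"):
        print(u, fw.decide(u))
```

A host that the model reports as Uncategorized is the kind of URL you would submit with the categorize command described below.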

The NGWF provides the re-categorization and categorization features. You can request to recategorize incorrectly categorized URLs and submit uncategorized URLs. Use the following commands to recategorize or categorize a URL:

- request security utm web-filtering recategorize (see Recategorize URL)
- request security utm web-filtering categorize (see Categorize URL)

Use the request security utm web-filtering recategorize url <url> status command to view the status of your recategorization request.

Starting in Junos OS Release 23.4R1, SRX Series Firewall license installations include the NGWF license by default. Customers using Enhanced Web Filtering (EWF) have the option to manually migrate from the existing EWF to the NGWF. The EWF and the NGWF require separate licenses. You can also migrate to Juniper NGWF with your current Websense license.
See Migrate to Juniper NextGen Web filtering.
Starting in Junos OS Release 23.4R1, during new installs or in case of an upgrade, the wf_key_ng_juniper key is installed. Juniper NextGen Web Filtering and URL category download and installation work when wf_key_websense_ewf or wf_key_ng_juniper is present.
Starting in Junos OS Release 23.4R1, you can use the Juniper NextGen Web Filtering feature with the wf_key_ng_juniper key.

You can configure NGWF using:

- CLI. See ng-juniper.
- J-Web. See the Content Security Default Configuration chapter in the J-Web User Guide for SRX Series Firewalls.

Differences Between NGWF and EWF
Table 1 describes the key differences between Juniper NGWF and EWF.

Functionality | NGWF | EWF |
---|---|---|
Cloud support | Juniper URL filtering acts as the gateway for SRX Series Firewall seeking URL category/reputation from Juniper NGWF cloud. | URL requests go directly to the vendor cloud from SRX Series Firewall. |
URL categorization | Provides the URL re-categorization and categorization features. | Customers cannot perform URL re-categorization and categorization. |
URL categorization status | Enables the customers to view the URL re-categorization status. | Customers cannot perform URL re-categorization directly. |
URL traffic visibility | Provides better visibility into the URL traffic and turns the rich telemetry into actionable best practices or automated orchestration for customers. | Less visibility into the customer URL traffic. |
Regional language support | Supports more than 200 regional languages. | Supports fewer regional languages. |
Site reputation | You need not provide a site reputation range of a URL to block or permit the URL. | You can configure the site reputation range value of a URL to block or permit the URL. |

Benefits of NGWF
- Granular control on the Web filtering.
- URL categories are available in the Juniper NGWF cloud.
- More regional language support.
- Enables users to recategorize and categorize URLs, which reduces the dependency on the Juniper support team to recategorize and categorize URLs.