content-filtering (Security Feature Profile)
Syntax
content-filtering {
    block-command;
    block-content-type {
        activex;
        exe;
        http-cookie;
        java-applet;
        zip;
    }
    block-extension;
    block-mime {
        exception;
        list;
    }
    notification-options {
        custom-message;
        (notify-mail-sender | no-notify-mail-sender);
        log;
        type (message | protocol-only);
    }
    permit-command;
    rule-set rule-set-name {
        rule rule-name {
        }
    }
    traceoptions {
        flag name;
    }
    type (content-filtering-none | local);
}
Hierarchy Level
[edit security utm feature-profile]
[edit security utm default-configuration]
Description
Configure Content Security content-filtering features. You can also configure the default Content Security configuration for the content filtering feature profile. If you do not configure any option in the content filtering feature profile, the values configured in the default Content Security configuration are applied. The content filtering feature controls file transfers across the gateway by checking traffic against configured filter lists. It evaluates the traffic before all other Content Security features, except Web filtering.
A license check for the content filtering configuration is performed at commit time and produces a warning if a valid license is not installed on the device. Once a valid license is installed on the device, a custom content filtering profile or the default profile can process traffic. If a license is expired or is not installed, the content filtering service will not process traffic.
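The fallback behavior described above, as an added configuration example that is not part of the original page. It applies only to releases earlier than Junos OS Release 21.4R1, and the custom-object name `blocked-ext`, the profile name `cf-partial`, and the message text are hypothetical:

```junos
# Constructed example for releases earlier than Junos OS Release 21.4R1.
# "blocked-ext" and "cf-partial" are hypothetical names.

# Custom object listing the file extensions to block.
set security utm custom-objects filename-extension blocked-ext value [ exe zip ]

# Default Content Security configuration for content filtering.
# block-content-type applies to HTTP only.
set security utm default-configuration content-filtering block-content-type activex
set security utm default-configuration content-filtering block-content-type java-applet
set security utm default-configuration content-filtering notification-options type message
set security utm default-configuration content-filtering notification-options custom-message "Blocked by content filter"
set security utm default-configuration content-filtering notification-options no-notify-mail-sender

# Feature profile that sets only block-extension. Options it leaves
# unconfigured take the default-configuration values, per the Description.
set security utm feature-profile content-filtering profile cf-partial block-extension blocked-ext
```

Committing this on a device without a valid license produces the warning described above, and the service does not process traffic until a license is installed.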
Options
block-command
Apply protocol block-command custom objects to the content-filtering profile.
block-content-type
Block other available content types, such as exe, http-cookie, and java-applet. This applies to HTTP only.
block-extension
Apply block extensions to the content-filtering profile.
block-mime
Apply MIME pattern list custom objects to the content-filtering profile for blocking MIME types.
notification-options
Message notification to trigger when a content filter is matched.
permit-command
Apply protocol permit-command custom objects to the content-filtering profile.
traceoptions
Define tracing operations for the default Content Security configuration of the content filtering feature.
type
Type of content filtering solution or URL filtering solution used by the device.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Starting in Junos OS Release 21.4R1, content filtering is performed by detecting the file content and not the file extensions. As a result, content filtering options based on mime-type, content-type, and protocol command are not supported. After you upgrade to Junos OS Release 21.4R1, the content filtering options under the feature-profile hierarchy are no longer available for configuration. The rule-set and rule configurations are introduced under the [edit security utm utm-policy <utm-policy-name> content-filtering] hierarchy level. These rules and rule sets allow you to configure direction-specific content filters and connection reset.
Statement introduced in Junos OS Release 9.5.
The [edit security utm default-configuration] hierarchy level is introduced in Junos OS Release 18.2R1.