Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Create and Manage Content Filtering Profiles

Use the Create Content Filtering Profiles page to configure content filtering profiles. Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, and protocol command. The content filter controls file transfers across the device by checking traffic against configured filter lists. The following table describes the types of content filters that you can configure as part of a content filtering profile.

Note:

The content filtering profile evaluates traffic before all other content security profiles. Therefore, if traffic meets criteria configured in the content filter, the content filter acts first upon this traffic.
Table 1: Supported Content Filter Types

Type

Description

Protocol Command Block and Permit Lists

Different protocols use different commands to communicate between servers and clients. By blocking or allowing certain commands, traffic can be controlled on the protocol command level. The block or permit command lists are intended to be used in combination, with the permit list acting as an exception list to the block list.

Note:

If a protocol command appears on both the permit list and the block list, the command is permitted.

Extension Block List

It is recommended to use file extensions to block or allow file transfers, because the name of a file is available during the transfers. All protocols support the use of the extension block list.

MIME pattern filter

MIME patterns are used to identify the type of traffic in HTTP and MAIL protocols. There are two lists of MIME patterns that are used by the content filter to determine the action to be taken. The MIME Block List contains a list of MIME type traffic that is to be blocked. The MIME Permit List contains MIME patterns that permitted by the content filter and are generally subsets of items on the block list.

Note:

The MIME permit list has a higher priority than the block list.

Create Content Filtering Profiles

  1. Select SRX > Security Subscriptions > Content Security > Content Filtering Profiles.

    The Content Filtering Profiles page appears.

  2. Click the plus icon () to create a new content filtering profile.

    The Create Content Filtering Profiles wizard appears, displaying brief instructions about creating a content filtering profile.

  3. Click Next to navigate to the next page.
  4. Complete the configuration according to the following guidelines:
    Table 2: Content Filtering Profile Settings

    Setting

    Guideline

    General Information

    Name

    Enter a unique name for the content filtering profile. The maximum length is 29 characters.

    Description

    Enter a description for the content filtering profile. The maximum length is 255 characters.

    Notification Options

    Notify Mail Sender

    Click this toggle button to enable notification when a content filter is matched. Notifications are disabled by default.

    Notification Type

    Select the type of notification to send:

    • None—Do not send notifications.
    • Protocol—Send a protocol-specific notification. With these notifications, a protocol-specific error code might be sent.
    • Message—Send a generic notification.

    Custom Notification Message

    Enter a custom notification message. The maximum length is 512 characters.

    Protocol Commands

    Command Block List

    Enter the protocol commands to be blocked for the HTTP, FTP, SMTP, IMAP, and POP3 protocols. Use commas to separate each command.

    Protocol commands allow you to control traffic at the protocol-command level.

    Command Permit List

    Enter specific commands to be permitted for the HTTP, FTP, SMTP, IMAP, and POP3 protocols. Use commas to separate each command.

    Block Content Type

    Use the content filter to block other types of harmful files that the MIME type or the file extension cannot control. Select from the following types of content blocking (supported only for HTTP):

    • Active X

    • Windows executables (.exe)

    • HTTP cookie

    • Java applet

    • ZIP files

    Extension Block List

    Use a file extension list to define a set of file extensions to block over HTTP, FTP, SMTP, IMAP, and POP3.

    Enter file extensions to block separated by commas. For example, exe, pdf, js, and so on.

    MIME Block List

    Enter the MIME types you want to block over HTTP, FTP, SMTP, IMAP, and POP3 connections. Use commas to separate each MIME type.

    MIME Permit List

    Enter the MIME types you want to permit over HTTP, FTP, SMTP, IMAP, and POP3 connections. Use commas to separate each MIME type.
  5. Click Finish.

    A summary page is displayed. Review the settings and if you need to make any modifications click the Edit link or the Back button.

  6. Click OK save the settings and create the profile.

    A message indicating the status of the create operation is displayed.

  7. Click Close.

    You are returned to the Content Filtering Profiles page.

Manage Content Filtering Profiles

  • Edit—Select the profile, and then click the pencil icon (Blue pencil icon indicating edit functionality.). You cannot modify the default profiles already present in the system.

  • Clone—Select the profile, and then click More > Clone.

  • Delete—Select the profile, and then click the trash can icon (Blue trash can icon representing delete or remove function.). Before deleting an antispam profile, ensure that the profile is not used in a content security profile that is, in turn, used in a firewall policy rule. If you try to delete an antispam profile that is used in a firewall policy rule, an error message is displayed.