SRX

Expand all | Collapse all

Web filter scheduler not working

Jump to Best Answer
  • 1.  Web filter scheduler not working

    Posted 11-07-2011 09:41

    Hi all. I have a scheduler set up so company employees can access sites like facebook and the local lottery at lunch time. Here is the config for it.

     

    root@srx210# show schedulers scheduler allow-web
    daily {
        start-time 00:00:00 stop-time 11:00:00;
        start-time 12:00:00 stop-time 23:59:59;

     

    everything was working with it till I had to reboot the SRX three days ago (Friday). Now it seems that the filter is always on no matter what time it. Any insight or help would be much appreciated. Thank you.

     

     



  • 2.  RE: Web filter scheduler not working

    Posted 11-08-2011 01:56

    Hi there,

     

    This may sound completely dumb,  how is your time sync on the SRX working?

     

    Are you sure the time is correct, as if the time was 1 hour off (because of winter time changes or anything), then it would appear your filter was always on and the lunch time window would be missed.

     

    If it worked before then something else must have changed.



  • 3.  RE: Web filter scheduler not working

    Posted 11-08-2011 06:19

    I thought the same thing and checked it. I believe my configuration is setup to connect to apple's NTP server. I also verified the time on the system and it matched daylight savings so I am not totally sure but that appears to be ok. Thanks for replying and if you had any other thoughts would be much appreciated.



  • 4.  RE: Web filter scheduler not working

    Posted 11-08-2011 06:39

    Can you post the Policy in question also.

     

    Try and deactivate and activate the policy the scheduler is applied to.



  • 5.  RE: Web filter scheduler not working

    Posted 11-08-2011 09:37

    I tried deactivating the policy and reactivating it. As soon as I deactivated it, I was able to access the normally blocked sites. Once reactivated however it blocked everything even though it should have let me in still. Heres the policy.

     

    policy web-filter {
        match {
            source-address any;
            destination-address any;
            application junos-http;
        }
        then {
            permit {
                application-services {
                    utm-policy junos-wf-policy;
                }
            }
            log {
                session-init;
                session-close;
            }
            count;
        }
        scheduler-name allow-web;
    }
    policy trust-to-untrust {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }



  • 6.  RE: Web filter scheduler not working

    Posted 11-08-2011 10:53

    Ok maybe I'm wrong but is the below config not making the policy active from 00:00 to 11:00 and 12:00 to 00:00?

     

    root@srx210# show schedulers scheduler allow-web
    daily {
        start-time 00:00:00 stop-time 11:00:00;
        start-time 12:00:00 stop-time 23:59:59;

     

    Dont you want it to be just active from 11:00 to 12:00?

     

    daily {
        start-time 11:00:00 stop-time 12:00:00;
       

     

     



  • 7.  RE: Web filter scheduler not working

    Posted 11-08-2011 10:57

    I know I thought the same thing when I first set it up but the the way I have it set up is the only way I have ever gotten it to work at all.



  • 8.  RE: Web filter scheduler not working
    Best Answer

    Posted 11-08-2011 11:03

    Weird.

     

    If it worked the way you wanted before and not after a restart then the issues is not the config.

     

    I assume you have changed nothing at all?

     

    Try restarting the UTM daemon.

     

    user@srx>restart utmd



  • 9.  RE: Web filter scheduler not working

    Posted 11-09-2011 11:58

    That looks like it worked. Thank you much!



  • 10.  RE: Web filter scheduler not working

    Posted 01-26-2020 21:00

    how to use it in rule for juniper web filter