SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX - web filtering license required or not?

    Posted 08-02-2018 12:35

    Apologies if this has been asked for - I tried to look but couldn't find the same

     

    There's some info on the below mentioned thread but I still couldn't find my answer

    https://forums.juniper.net/t5/SRX-Services-Gateway/srx3400-web-filtering/td-p/286490

     

    I have no experience with url/web filtering and need to know if I need to purchase a license for the below scenario or not

    We have a customer who will be providing a list of close to 30k URLs they need blocked

     

    Need to filter only those and nothing else needed. Might need to block those and redirect to a customer page.

    URLs could have http, https etc.

    Do I need a license for it?

     

    Also, is there a limit to maximum no. of URLs I can mention/defined manually in SRX

    Any way to directly upload the list to device?

     

    Models being used

    SRX3400 and SRX4600

     



  • 2.  RE: SRX - web filtering license required or not?

    Posted 08-02-2018 13:25

     

    You don't need a subscription license to do local blacklists.

     

     

    From what I can see, there is no redirect option when a url/IP is blocked - only a custom message. A brief example:

     

    set security utm custom-objects url-pattern BLOCKED-URLS value http://*.bad.site
    set security utm custom-objects custom-url-category BLACKLISTED-SITES value BLOCKED-URLS
    set security utm feature-profile web-filtering url-blacklist BLACKLISTED-SITES
    set security utm feature-profile web-filtering type juniper-local
    set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE default permit
    set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE custom-block-message "Access Prohibited"
    set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE fallback-settings default block
    set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE fallback-settings too-many-requests block
    set security utm utm-policy UTM-POC web-filtering http-profile BLOCK-SITE
    

    Also remember that this block message will only show on http connections. Https will not work as it won't give a functional https with the correct hostname.

     

    You can still block both http and https sites in the list.

     

    You can modify the custom-list via netconf or similar.... there are many automation possibilities with Junos.
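
An added example, not part of any poster's reply: one way to turn a customer-supplied URL list into the `url-pattern` set commands shown in the reply above, validating each entry so nothing from the list can smuggle extra CLI text into the configuration. The function names and sample entries are hypothetical, and the `http://<host>` value form simply follows the reply's example; it assumes one URL per line.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def extract_host(entry):
    """Return the lower-cased host of one list entry, or None if unusable."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    if "://" not in entry:          # urlsplit needs a scheme to find the host
        entry = "http://" + entry
    try:
        host = urlsplit(entry).hostname
    except ValueError:              # e.g. malformed bracketed host
        return None
    host = (host or "").rstrip(".")
    labels = host.split(".")
    # Rejecting anything that is not a plain dotted name keeps spaces, quotes
    # and semicolons from the supplied list out of the generated CLI lines.
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        return None
    return host


def build_set_commands(lines, pattern_name="BLOCKED-URLS"):
    """Return (commands, rejected): deduplicated set lines and skipped entries."""
    seen, commands, rejected = set(), [], []
    for line in lines:
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        host = extract_host(text)
        if host is None:
            rejected.append(text)
        elif host not in seen:
            seen.add(host)
            commands.append("set security utm custom-objects url-pattern "
                            f"{pattern_name} value http://{host}")
    return commands, rejected


# Constructed sample entries, not taken from the thread.
SAMPLE = ["http://bad.site/login", "HTTPS://WWW.Bad.Site:8443/x", "bad.site",
          "# comment", "evil.example; delete security", "ftp.other.example/path"]

if __name__ == "__main__":
    cmds, bad = build_set_commands(SAMPLE)
    print("\n".join(cmds))
    print("rejected:", bad)
```

The generated lines can be saved to a file and applied in configuration mode with `load set`; review the rejected entries by hand rather than forcing them in.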



  • 3.  RE: SRX - web filtering license required or not?
    Best Answer

     
    Posted 08-05-2018 23:42