SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Local Web Filter Blacklist and Default Block

    Posted 10-22-2017 08:49
    Hi all

    When configuring the local web URL filter on the SRX is it compulsory to have a blackllist or could you have a whitelist with the URL(s) you wish to permit then next utilise the default action of block to deny everything else?

    This may seem like a daft question but I tried this the other day on a vSRX and it appeared that everything was permitted regardless of the requested URL. Thinking I may have missed something, a quirk perhaps of how this is supposed to work.

    Thank you.
    #blacklist
    #Webfilter
    #whitelist
    #Urlfilter


  • 2.  RE: Local Web Filter Blacklist and Default Block
    Best Answer

     
    Posted 10-22-2017 09:18
    Your understanding is correct. Just configure white list to allow the specific URLS you want to allow and configure default block to block everything else.

    root@srx> show configuration security utm
    custom-objects {
    url-pattern {
    url1 {
    value www.google.com;
    }
    }
    custom-url-category {
    Google {
    value [ url1];
    }
    }
    }
    feature-profile {
    web-filtering {
    url-whitelist Google;
    type juniper-local;
    juniper-local {
    profile Test {
    default block;
    }
    }
    }
    }

    root@srx >

    https://www.juniper.net/documentation/en_US/junos/topics/example/utm-web-filtering-local-custom-object-configuring-cli.html


  • 3.  RE: Local Web Filter Blacklist and Default Block

    Posted 10-22-2017 09:44
    Thank you Suraj

    I'll try again tomorrow once more and hopefully get it to work this time. I either misconfigured or didn't test properly last time. I'll update this thread after.


  • 4.  RE: Local Web Filter Blacklist and Default Block

    Posted 10-22-2017 23:06

    Hi Suraj


    I realised I had configured the 'default block' command under the 'fallback-settings' and not directly under the 'juniper-local' profile itself. Now that I've done that it works as intended.

     

    Thank you.



  • 5.  RE: Local Web Filter Blacklist and Default Block

    Posted 04-06-2019 06:14

    Hello ,

     

    refering to this KB iam unable to create categroy in juniper local profile under web filter . as per KB category can be defind in profile itself . please help

     

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-utm-local-web-filtering.html