SRX

Expand all | Collapse all

Local Web Filter Blacklist and Default Block

Jump to Best Answer
  • 1.  Local Web Filter Blacklist and Default Block

    Posted 10-22-2017 08:49
    Hi all

    When configuring the local web URL filter on the SRX is it compulsory to have a blackllist or could you have a whitelist with the URL(s) you wish to permit then next utilise the default action of block to deny everything else?

    This may seem like a daft question but I tried this the other day on a vSRX and it appeared that everything was permitted regardless of the requested URL. Thinking I may have missed something, a quirk perhaps of how this is supposed to work.

    Thank you.
    #blacklist
    #Webfilter
    #whitelist
    #Urlfilter


  • 2.  RE: Local Web Filter Blacklist and Default Block
    Best Answer

     
    Posted 10-22-2017 09:18
    Your understanding is correct. Just configure white list to allow the specific URLS you want to allow and configure default block to block everything else.

    root@srx> show configuration security utm
    custom-objects {
    url-pattern {
    url1 {
    value www.google.com;
    }
    }
    custom-url-category {
    Google {
    value [ url1];
    }
    }
    }
    feature-profile {
    web-filtering {
    url-whitelist Google;
    type juniper-local;
    juniper-local {
    profile Test {
    default block;
    }
    }
    }
    }

    root@srx >

    https://www.juniper.net/documentation/en_US/junos/topics/example/utm-web-filtering-local-custom-object-configuring-cli.html


  • 3.  RE: Local Web Filter Blacklist and Default Block

    Posted 10-22-2017 09:44
    Thank you Suraj

    I'll try again tomorrow once more and hopefully get it to work this time. I either misconfigured or didn't test properly last time. I'll update this thread after.


  • 4.  RE: Local Web Filter Blacklist and Default Block

    Posted 10-22-2017 23:06

    Hi Suraj


    I realised I had configured the 'default block' command under the 'fallback-settings' and not directly under the 'juniper-local' profile itself. Now that I've done that it works as intended.

     

    Thank you.



  • 5.  RE: Local Web Filter Blacklist and Default Block

    Posted 04-06-2019 06:14

    Hello ,

     

    refering to this KB iam unable to create categroy in juniper local profile under web filter . as per KB category can be defind in profile itself . please help

     

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-utm-local-web-filtering.html