SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Enhanced Web Filter with scheduler but allow user with special access

    Posted 11-03-2018 05:00

    Hello Guys,

     

    I need your help.

    I will set up Enhanced Web Filtering with scheduler for restricted internet access, but I want certain IP/MAC Address to have all internet access. How do I apply the certain IP/MAC Address in the security policies?

    Thanks.

     

    set access address-assignment pool DHCP-POOL family inet network 192.168.2.0/24
    set access address-assignment pool DHCP-POOL family inet range DHCP-RANGE-2 low 192.168.2.11
    set access address-assignment pool DHCP-POOL family inet range DHCP-RANGE-2 high 192.168.2.254
    set access address-assignment pool DHCP-POOL family inet dhcp-attributes router 192.168.2.1
    set access address-assignment pool DHCP-POOL host PC1 hardware-address 01:03:05:07:09:0b ip-address 192.168.2.254
    set access address-assignment pool DHCP-POOL host PC2 hardware-address 01:03:05:07:10:0a ip-address 192.168.2.253
    
    set security address-book ALLOWED-PC address ADDR1 range-address 192.168.2.253 to 192.168.2.254
    set security utm feature-profile web-filtering juniper-enhanced server host rp.cloud.threatseeker.com
    set security utm feature-profile web-filtering juniper-enhanced server port 80
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business category Enhanced_Web_and_Email_Spam action permit
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business default block
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business custom-block-message "***The requested webpage is blocked by your organization's access policy ***"
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business no-safe-search
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business timeout 10
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business fallback-settings default log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business fallback-settings server-connectivity log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business fallback-settings timeout log-and-permit
    set security utm feature-profile web-filtering juniper-enhanced profile junos-wf-enhanced-business fallback-settings too-many-requests log-and-permit
    set security utm utm-policy utm-clients-policy web-filtering http-profile junos-wf-enhanced-business
    set security policies from-zone LAN to-zone INTERNET policy utm-security-policy match source-address any
    set security policies from-zone LAN to-zone INTERNET policy utm-security-policy match destination-address any
    set security policies from-zone LAN to-zone INTERNET policy utm-security-policy match application any
    set security policies from-zone LAN to-zone INTERNET policy utm-security-policy then permit application-services utm-policy utm-clients-policy
    set security policies from-zone LAN to-zone INTERNET policy utm-security-policy default-policy block-all
    set security policies from-zone LAN to-zone INTERNET policy utm-security-policy scheduler-name business-hours

    set schedulers scheduler business-hours daily start-time 08:00:00 stop-time 12:00:00
    set schedulers scheduler business-hours daily start-time 13:00:00 stop-time 17:00:00
    set schedulers scheduler business-hours saturday exclude
    set schedulers scheduler business-hours sunday exclude


  • 2.  RE: Enhanced Web Filter with scheduler but allow user with special access
    Best Answer

    Posted 11-04-2018 00:26

    Hello,

    You need to configure one more policy and insert it above your existing policy:

    set security zones security-zone LAN address-book address MySpecialAddress <blah-blah/blah>
    set security policies from-zone LAN to-zone INTERNET policy my-special-policy match source-address MySpecialAddress
    set security policies from-zone LAN to-zone INTERNET policy my-special-policy match destination-address any
    set security policies from-zone LAN to-zone INTERNET policy my-special-policy match application any
    set security policies from-zone LAN to-zone INTERNET policy my-special-policy then permit 
    insert security policies from-zone LAN to-zone INTERNET policy my-special-policy before policy utm-security-policy

    HTH

    Thx

    Alex
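
Added example, not part of the thread or of Junos itself: a small Python model of first-match policy lookup showing why the exemption policy has to sit before `utm-security-policy`, using the scheduler windows and the 192.168.2.253-254 range from the question. It assumes a scheduled policy is skipped while its scheduler is inactive and that unmatched traffic hits a default deny; the tuple layout and function names are hypothetical. The policy matches the source IP only, so the exemption is only as strong as the DHCP binding that ties those addresses to the two MACs.

```python
from datetime import datetime, time
from ipaddress import ip_address

# Scheduler windows and exempt range copied from the configuration in the question.
WINDOWS = [(time(8, 0), time(12, 0)), (time(13, 0), time(17, 0))]
EXEMPT_LOW = ip_address("192.168.2.253")
EXEMPT_HIGH = ip_address("192.168.2.254")

def business_hours(now):
    """Model of scheduler business-hours: two daily windows, weekend excluded."""
    if now.weekday() >= 5:  # Saturday = 5, Sunday = 6
        return False
    return any(start <= now.time() < stop for start, stop in WINDOWS)

def is_exempt(src):
    """True when src falls inside the exempt address range."""
    return EXEMPT_LOW <= ip_address(src) <= EXEMPT_HIGH

# Each policy: (name, source match, scheduler or None, action). Hypothetical layout.
SPECIAL = ("my-special-policy", is_exempt, None, "permit")
UTM = ("utm-security-policy", lambda src: True, business_hours, "permit+utm")

def evaluate(policies, src, now):
    """Return (policy name, action) of the first active policy matching src."""
    for name, match_src, scheduler, action in policies:
        if scheduler is not None and not scheduler(now):
            continue  # assumption: inactive scheduled policy is not looked up
        if match_src(src):
            return name, action
    return "default-policy", "deny"  # assumption: default deny when nothing matches

if __name__ == "__main__":
    monday_10 = datetime(2018, 11, 5, 10, 0)    # inside business hours
    monday_1230 = datetime(2018, 11, 5, 12, 30)  # lunch gap, scheduler inactive
    for label, order in (("special first", [SPECIAL, UTM]),
                         ("utm first", [UTM, SPECIAL])):
        for src in ("192.168.2.254", "192.168.2.50"):
            for now in (monday_10, monday_1230):
                print(label, src, now.strftime("%a %H:%M"),
                      evaluate(order, src, now))
```

With the exemption listed second, the exempt hosts are still web-filtered during business hours and only bypass it outside the scheduler windows, which is the opposite of what was asked for.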



  • 3.  RE: Enhanced Web Filter with scheduler but allow user with special access

    Posted 11-04-2018 04:07

    Hi