Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  vSRX Web-Filtering not working

    Posted 11-10-2021 04:56

    Hello All,

    I have configured Web-Filtering in the Juniper firewall. I have added block and allow websites. But when I try to access the blocked website from my system, it is not getting blocked and there are also no logs appearing for it. I have also added the policy to the zone.

    Please find my config below,

    utm {
        custom-objects {
            url-pattern {
                Blocked_Sites {
                    value [ https://www.game.co.uk/ https://www.gameplay.com ];
                }
                Allowed_sites {
                    value www.juniper.net;
                }
            }
            custom-url-category {
                Good_sites {
                    value Allowed_sites;
                }
                Bad_Sites {
                    value Blocked_Sites;
                }
            }
            custom-message {
                blocked-urls {
                    type user-message;
                    content "URL request is denied. Contact your IT department for help";
                }
            }
        }
        feature-profile {
            web-filtering {
                juniper-local {
                    profile wf-local {
                        default log-and-permit;
                        category {
                            Bad_Sites {
                                action block;
                                custom-message blocked-urls;
                            }
                            Good_sites {
                                action log-and-permit;
                            }
                        }
                        timeout 30;
                    }
                }
            }
            content-filtering {
                profile CF-Jweb_LB {
                    block-mime;
                    block-content-type {
                        exe;
                    }
                    notification-options {
                        no-notify-mail-sender;
                    }
                }
            }
        }
        utm-policy wf-custom-policy {
            web-filtering {
                http-profile wf-local;
            }
        }
        utm-policy UTM-CF {
            content-filtering {
                http-profile CF-Jweb_LB;
            }

    Also, I have added the command 

    #set security utm feature-profile web-filtering type juniper-local

    root> show security utm web-filtering statistics
    UTM web-filtering statistics:
    Total requests: 0
    White list hit: 0
    Black list hit: 0
    Default action hit: 0
    Custom category permit: 0
    Custom category block: 0
    Custom category quarantine: 0
    Custom category qurantine block: 0
    Custom category quarantine permit: 0
    Safe-search redirect: 0
    Safe-search rewrite: 0
    Web-filtering sessions in total: 128000
    Web-filtering sessions in use: 0
    Fallback: log-and-permit block
    Default 0 0
    Timeout 0 0
    Connectivity 0 0
    Too-many-requests 0 0

    Can you please let me know my mistake? Your help will be greatly appreciated.



    ------------------------------
    MUTHU MAHADEVAN
    ------------------------------


  • 2.  RE: vSRX Web-Filtering not working

     
    Posted 11-11-2021 07:32
    Hello Muthu,

    By 'policy to zone', do you mean you have the right security policy in place? Asking, as I don't see it in the post.
    Also, I'd recommend testing with 'HTTP' sites to begin with.  Blocking HTTPS becomes tricky unless you are using enhanced web filtering / SSL proxy.

    ------------------------------
    Gokulnaath Manohar
    ------------------------------



  • 3.  RE: vSRX Web-Filtering not working

    Posted 11-11-2021 10:19

    Hello Gokul,

    I have the below config in my security policy from trust to untrust. I have also changed the blocked site value to www.facebook.com.

    policy WF-Local-policy {
        match {
            source-address any;
            destination-address any;
            application any;
            dynamic-application none;
            url-category none;
        }
        then {
            permit {
                application-services {
                    utm-policy wf-custom-policy;
                }
            }
            log {
                session-init;

    When I try to access the blocked site from a Windows machine behind the firewall in the trust network, it does not get blocked and logs are not generated. Can you please let me know where I am making a mistake? Thanks for the previous response. Your help will be greatly appreciated.

    Regards

    Muthu Mahadevan



    ------------------------------
    MUTHU MAHADEVAN
    ------------------------------



  • 4.  RE: vSRX Web-Filtering not working

    Posted 11-11-2021 19:01
    Hello,

    Looks like you're missing the default configuration hierarchy. Try adding this:

    set security utm default-configuration web-filtering type juniper-local
    set security utm default-configuration web-filtering juniper-local default log-and-permit

    Also, you may want to adjust the way you've written your expressions (i.e., may need a wildcard).

    Details on the types of expressions that are supported can be found here:
    https://www.juniper.net/documentation/us/en/software/junos/utm/topics/ref/statement/security-edit-url-pattern.html

    ------------------------------
    Craig Dods
    ------------------------------
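
The points raised in replies 2 and 4, as an added example that is not part of any post in this thread: a small Python check over set-format Junos lines. The sample lines are constructed from the configuration posted above, `lint` and its messages are hypothetical, and the wildcard rule (`*` only as a leading label after `http://`) is an assumption based on the url-pattern documentation linked in reply 4.

```python
import re

# Constructed input: the thread's configuration rewritten as "set" lines.
SAMPLE = """\
set security utm custom-objects url-pattern Blocked_Sites value https://www.game.co.uk/
set security utm custom-objects url-pattern Blocked_Sites value https://www.gameplay.com
set security utm custom-objects url-pattern Allowed_sites value www.juniper.net
set security utm feature-profile web-filtering juniper-local profile wf-local default log-and-permit
set security utm utm-policy wf-custom-policy web-filtering http-profile wf-local
set security utm utm-policy UTM-CF content-filtering http-profile CF-Jweb_LB
set security policies from-zone trust to-zone untrust policy WF-Local-policy then permit application-services utm-policy wf-custom-policy
"""

DEFAULT_TYPE = "set security utm default-configuration web-filtering type "
DEFAULT_ACTION = "set security utm default-configuration web-filtering juniper-local default "
PATTERN_RE = re.compile(r"^set security utm custom-objects url-pattern (\S+) value (\S+)$")
POLICY_RE = re.compile(r"^set security utm utm-policy (\S+) ")
ATTACH_RE = re.compile(r"^set security policies .* application-services utm-policy (\S+)$")

def lint(config):
    """Return findings for the points raised in the replies (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # Reply 4: both default-configuration statements should be present.
    for prefix, label in ((DEFAULT_TYPE, "type"), (DEFAULT_ACTION, "default action")):
        if not any(ln.startswith(prefix) for ln in lines):
            findings.append(f"missing default-configuration web-filtering {label}")
    # Replies 2 and 4: review how each url-pattern value is written.
    for ln in lines:
        m = PATTERN_RE.match(ln)
        if not m:
            continue
        name, value = m.groups()
        if value.startswith("https://"):
            findings.append(f"{name}: {value} is an HTTPS pattern; test with HTTP first")
        # Assumed rule: '*' is only valid as a leading label right after http://
        if "*" in value and not re.match(r"^http://\*\.[^*]+$", value):
            findings.append(f"{name}: {value} uses '*' in an unsupported position")
    # Reply 2: every utm-policy should be referenced by a security policy.
    defined = {m.group(1) for ln in lines if (m := POLICY_RE.match(ln))}
    attached = {m.group(1) for ln in lines if (m := ATTACH_RE.match(ln))}
    findings += [f"utm-policy {p} is not attached to any security policy"
                 for p in sorted(defined - attached)]
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Feed it the output of `show configuration security | display set` saved to a file to run the same checks on a real device configuration.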