SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Local Web Filtering - Allow list

    Posted 02-09-2023 07:57

    Hello all,

    I'd like to create a local web filter that allows only 10 websites and blocks the rest for a zone to the Internet, but it doesn't work as expected. They can still access everything. Please see my configuration below. Please advise what I'm doing wrong here.

    Thank you very much in advance.
    Isac

    set security utm custom-objects url-pattern UBUNTU-Updates value http://*.ubuntu.com
    set security utm custom-objects url-pattern GitHub-Updates value http://github.com
    set security utm custom-objects url-pattern UBUNTU-Canonical value http://*.canonical.com
    set security utm custom-objects url-pattern OPEN-DNS value 1.1.1.1


    set security utm custom-objects custom-url-category AllowedExternalHosts value UBUNTU-Updates
    set security utm custom-objects custom-url-category AllowedExternalHosts value GitHub-Updates
    set security utm custom-objects custom-url-category AllowedExternalHosts value UBUNTU-Canonical
    set security utm custom-objects custom-url-category AllowedExternalHosts value OPEN-DNS


    set security utm feature-profile web-filtering url-whitelist AllowedExternalHosts
    set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile category AllowedExternalHosts action permit
    set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile default block
    set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile fallback-settings default block
    set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile fallback-settings too-many-requests block

    set security utm utm-policy UTM-Policy web-filtering http-profile ALLOW-SITE-profile

    # There is single Policy from this zone to INTERNET
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET match source-address any
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET match destination-address any
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET match application any
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET then permit application-services utm-policy UTM-Policy
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET then log session-close



  • 2.  RE: Local Web Filtering - Allow list

    Posted 02-13-2023 03:30

    Can anyone advise, please?

    Thanks