Hello all,
I would like to create a local web filter that allows only 10 websites and blocks the rest for a zone to the Internet, but it doesn't work as expected. They can still access everything. Please see my configuration below. Please advise what I'm doing wrong here.
Thank you very much in advance.
Isac
set security utm custom-objects url-pattern UBUNTU-Updates value http://*.ubuntu.com
set security utm custom-objects url-pattern GitHub-Updates value http://github.com
set security utm custom-objects url-pattern UBUNTU-Canonical value http://*.canonical.com
set security utm custom-objects url-pattern OPEN-DNS value 1.1.1.1
set security utm custom-objects custom-url-category AllowedExternalHosts value UBUNTU-Updates
set security utm custom-objects custom-url-category AllowedExternalHosts value GitHub-Updates
set security utm custom-objects custom-url-category AllowedExternalHosts value UBUNTU-Canonical
set security utm custom-objects custom-url-category AllowedExternalHosts value OPEN-DNS
set security utm feature-profile web-filtering url-whitelist AllowedExternalHosts
set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile category AllowedExternalHosts action permit
set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile default block
set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile fallback-settings default block
set security utm feature-profile web-filtering juniper-local profile ALLOW-SITE-profile fallback-settings too-many-requests block
set security utm utm-policy UTM-Policy web-filtering http-profile ALLOW-SITE-profile
# There is a single policy from this zone to INTERNET
set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET match source-address any
set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET match destination-address any
set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET match application any
set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET then permit application-services utm-policy UTM-Policy
set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-INTERNET then log session-close