Another alternative, I think, is to use the SecIntel feature, so it will have the full list of IP addresses from Azure.
Original Message:
Sent: 05-07-2024 22:18
From: kronicklez
Subject: Wildcard fqdn not support in address-book?
Hi All,
Is the config below correct? The objective was for the source-address to be "*.azurewebsite.net". Appreciate any advice.
[edit]
root@JSRX1600# run show configuration security utm | display set
set security utm custom-objects url-pattern urllist1 value http://*.azurewebsites.net
set security utm custom-objects url-pattern urllist2 value http://*.cloudapp.net
set security utm custom-objects url-pattern urllist3 value https://*.azurewebsites.net
set security utm custom-objects url-pattern urllist4 value https://*.cloudapp.net
set security utm custom-objects custom-url-category cust-permit-list value urllist1
set security utm custom-objects custom-url-category cust-permit-list value urllist2
set security utm custom-objects custom-url-category cust-permit-list value urllist3
set security utm custom-objects custom-url-category cust-permit-list value urllist4
set security utm feature-profile web-filtering juniper-local profile localprofile1 default block
set security utm feature-profile web-filtering juniper-local profile localprofile1 category cust-permit-list action log-and-permit
set security utm utm-policy utmp5 web-filtering http-profile localprofile1
set security policies from-zone WAN to-zone LAN policy PERMIT-AZURE match source-address any
set security policies from-zone WAN to-zone LAN policy PERMIT-AZURE match destination-address any
set security policies from-zone WAN to-zone LAN policy PERMIT-AZURE match application any
set security policies from-zone WAN to-zone LAN policy PERMIT-AZURE then permit application-services utm-policy utmp5
Original Message:
Sent: 05-07-2024 16:20
From: asharp
Subject: Wildcard fqdn not support in address-book?
Starting in Junos OS Release 15.1X49-D110, the "* " in a wildcard syntax, used for URL pattern Web filtering profile, matches all subdomains. For example, *.example.net matches:
http://a.example.net
http://example.net
aaa.example.net
Reference: https://www.juniper.net/documentation/us/en/software/junos/utm/topics/topic-map/security-utm-local-web-filtering.html
------------------------------
Andy Sharp
Original Message:
Sent: 05-07-2024 12:07
From: Nikolay Semov
Subject: Wildcard fqdn not support in address-book?
I know that Local Web Filtering doesn't require a license, but I'm not familiar enough with it to tell if it can do the wildcard.
------------------------------
Nikolay Semov
Original Message:
Sent: 05-07-2024 11:52
From: kronicklez
Subject: Wildcard fqdn not support in address-book?
Hi Nikolay,
Let's say I don't have a web filtering license. Is there any alternative way I can get the list of that "*"?
Thanks
Original Message:
Sent: 05-07-2024 11:05
From: Nikolay Semov
Subject: Wildcard fqdn not support in address-book?
The address-book is strictly for matching the IP addresses in the packet headers. A wildcard domain matching would require you to examine the packet payload. On the SRX you can do that with Web Filtering (https://www.juniper.net/documentation/us/en/software/junos/utm/topics/concept/utm-web-filtering-overview.html) and, to a certain extent, with Application Identification (https://www.juniper.net/documentation/us/en/software/junos/application-identification/topics/topic-map/security-application-identification-overview.html).
------------------------------
Nikolay Semov
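
Added example (not part of the thread and not Juniper code): a simplified Python model of the two checks discussed above, an address-book match on the source IP in the packet header versus a wildcard url-pattern match on the Host an HTTP request asks for, using the wildcard rule quoted from the documentation. The prefix 203.0.113.0/24, the sample requests and all function names are constructed for illustration, and the matching logic is an assumption that models only the host part of each pattern.

```python
import ipaddress
from urllib.parse import urlsplit

# url-pattern values copied from the configuration posted in the thread
URL_PATTERNS = ["http://*.azurewebsites.net", "http://*.cloudapp.net",
                "https://*.azurewebsites.net", "https://*.cloudapp.net"]
# Constructed stand-in for an address-book prefix (documentation range, not Azure)
ADDRESS_BOOK = [ipaddress.ip_network("203.0.113.0/24")]


def host_matches(pattern_host, host):
    """Assumed model of the quoted rule: '*.' covers every subdomain and the
    bare domain itself; a pattern without '*.' must match exactly."""
    pattern_host = pattern_host.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern_host.startswith("*."):
        return host == pattern_host
    base = pattern_host[2:]
    # Require a label boundary so 'badexample.net' does not match '*.example.net'
    return host == base or host.endswith("." + base)


def url_pattern_hit(request_host):
    """True if the requested Host matches any url-pattern (scheme not modelled)."""
    return any(host_matches(urlsplit(p).hostname or "", request_host)
               for p in URL_PATTERNS)


def address_book_hit(src_ip):
    """True if the packet's source IP falls inside an address-book prefix."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in ADDRESS_BOOK)


def evaluate(src_ip, request_host):
    """Return (address_book_hit, url_pattern_hit) for one HTTP request."""
    return address_book_hit(src_ip), url_pattern_hit(request_host)


# Constructed sample requests: (source IP, Host header requested)
SAMPLES = [
    ("203.0.113.10", "portal.internal.example"),          # listed source, unlisted host
    ("198.51.100.7", "myapp.azurewebsites.net"),          # unlisted source, listed host
    ("198.51.100.7", "azurewebsites.net"),                # bare domain is covered too
    ("198.51.100.7", "azurewebsites.net.other.example"),  # look-alike suffix, no match
]

if __name__ == "__main__":
    for src, host in SAMPLES:
        print(f"{src:15} {host:35} addr-book/url-pattern = {evaluate(src, host)}")
```

The second sample shows why a url-pattern cannot stand in for a source-address match: the pattern hits on the requested host regardless of who sent the packet, and the posted policy matches source-address any.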