Hello,
Looks like you're missing the default configuration hierarchy. Try adding this:
set security utm default-configuration web-filtering type juniper-local
set security utm default-configuration web-filtering juniper-local default log-and-permit
Also, you may want to adjust the way you've written your expressions (i.e., you may need a wildcard).
Details on the types of expressions that are supported can be found here:
https://www.juniper.net/documentation/us/en/software/junos/utm/topics/ref/statement/security-edit-url-pattern.html
------------------------------
Craig Dods
------------------------------
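An added example, not from any post in this thread, that puts Craig's suggestion into set-command form alongside url-pattern values written without the scheme and trailing slash that the original patterns carry. The hostnames are placeholders, and the `*.facebook.com` wildcard form is an assumption to be checked against the linked url-pattern page for your release.

```junos
# Added example (not from this thread). Lines starting with "#" are annotation.

# 1. The default-configuration hierarchy the original config is missing.
set security utm default-configuration web-filtering type juniper-local
set security utm default-configuration web-filtering juniper-local default log-and-permit

# 2. Patterns are compared against the requested host/URL, so a pattern that
#    carries "https://" and a trailing "/" never matches. Replace the old
#    values with plain hostnames; "*.facebook.com" (assumed wildcard form)
#    also catches subdomains.
delete security utm custom-objects url-pattern Blocked_Sites
set security utm custom-objects url-pattern Blocked_Sites value www.facebook.com
set security utm custom-objects url-pattern Blocked_Sites value *.facebook.com
set security utm custom-objects url-pattern Allowed_sites value www.juniper.net

# 3. After commit, test with a plain-HTTP request from the trust side (HTTPS
#    is not inspected without SSL proxy, as Gokul notes) and confirm the
#    counters move away from zero.
run show security utm web-filtering status
run show security utm web-filtering statistics
```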
Original Message:
Sent: 11-11-2021 07:49
From: MUTHU MAHADEVAN
Subject: vSRX Web-Filtering not working
Hello Gokul,
I have the below config in my security policy from trust to Untrust. I have also changed the blocked site value to www.facebook.com.
policy WF-Local-policy {
    match {
        source-address any;
        destination-address any;
        application any;
        dynamic-application none;
        url-category none;
    }
    then {
        permit {
            application-services {
                utm-policy wf-custom-policy;
            }
        }
        log {
            session-init;
        }
    }
}
When I try to access the blocked site from a Windows machine behind the firewall in the trust network, it does not get blocked and no logs are generated. Can you please let me know where I am making a mistake? Thanks for the previous response. Your help will be greatly appreciated.
Regards
Muthu Mahadevan
------------------------------
MUTHU MAHADEVAN
Original Message:
Sent: 11-11-2021 06:25
From: Gokulnaath Manohar
Subject: vSRX Web-Filtering not working
Hello Muthu,
By 'policy to zone', do you mean you have the right security policy in place? Asking, as I don't see it in the post.
Also, I'd recommend testing with 'HTTP' sites to begin with. Blocking HTTPS becomes tricky unless you are using enhanced web filtering / SSL proxy.
------------------------------
Gokulnaath Manohar
Original Message:
Sent: 11-10-2021 04:39
From: MUTHU MAHADEVAN
Subject: vSRX Web-Filtering not working
Hello All,
I have configured web-filtering on a Juniper firewall. I have added blocked and allowed websites. But when I try to access a blocked website from my system, it is not getting blocked and no logs appear for it. I have also added the policy to the zone.
Please find my config below,
utm {
    custom-objects {
        url-pattern {
            Blocked_Sites {
                value [ https://www.game.co.uk/ https://www.gameplay.com ];
            }
            Allowed_sites {
                value www.juniper.net;
            }
        }
        custom-url-category {
            Good_sites {
                value Allowed_sites;
            }
            Bad_Sites {
                value Blocked_Sites;
            }
        }
        custom-message {
            blocked-urls {
                type user-message;
                content "URL request is denied. Contact your IT department for help";
            }
        }
    }
    feature-profile {
        web-filtering {
            juniper-local {
                profile wf-local {
                    default log-and-permit;
                    category {
                        Bad_Sites {
                            action block;
                            custom-message blocked-urls;
                        }
                        Good_sites {
                            action log-and-permit;
                        }
                    }
                    timeout 30;
                }
            }
        }
        content-filtering {
            profile CF-Jweb_LB {
                block-mime;
                block-content-type {
                    exe;
                }
                notification-options {
                    no-notify-mail-sender;
                }
            }
        }
    }
    utm-policy wf-custom-policy {
        web-filtering {
            http-profile wf-local;
        }
    }
    utm-policy UTM-CF {
        content-filtering {
            http-profile CF-Jweb_LB;
        }
    }
}
Also, I have added the command:
#set security utm feature-profile web-filtering type juniper-local
root> show security utm web-filtering statistics
UTM web-filtering statistics:
Total requests: 0
White list hit: 0
Black list hit: 0
Default action hit: 0
Custom category permit: 0
Custom category block: 0
Custom category quarantine: 0
Custom category qurantine block: 0
Custom category quarantine permit: 0
Safe-search redirect: 0
Safe-search rewrite: 0
Web-filtering sessions in total: 128000
Web-filtering sessions in use: 0
Fallback:             log-and-permit    block
  Default                   0             0
  Timeout                   0             0
  Connectivity              0             0
  Too-many-requests         0             0
Can you please let me know my mistake? Your help will be greatly appreciated.
------------------------------
MUTHU MAHADEVAN
------------------------------