SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

juniper local web UTM policy

  • 1.  juniper local web UTM policy

    Posted 04-18-2023 07:17

    Hello all,

    I have a network zone that has no Internet access. I would like to allow only a few domains and block the rest using the Juniper local web policy. I tried the configuration below, but I see that everything is allowed. What am I doing wrong? Please help me.

    set security utm custom-objects url-pattern ZONE1-Whitelist1 value *.vmware.com
    set security utm custom-objects url-pattern ZONE1-Whitelist1 value xml.shavlik.com

    set security utm custom-objects custom-url-category ZONE1WhitelistCategory value ZONE1-Whitelist1

    set security utm feature-profile web-filtering juniper-local profile ZONE1-ALLOW-SITE-profile default block
    set security utm feature-profile web-filtering juniper-local profile ZONE1-ALLOW-SITE-profile category ZONE1WhitelistCategory action permit
    set security utm feature-profile web-filtering juniper-local profile ZONE1-ALLOW-SITE-profile fallback-settings default block
    set security utm feature-profile web-filtering juniper-local profile ZONE1-ALLOW-SITE-profile fallback-settings too-many-requests block

    set security utm utm-policy ZONE1-UTM-Policy web-filtering http-profile ZONE1-ALLOW-SITE-profile

    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-LimitedInternet description "From:ZONE1:any To:INTERNET:only VMWare: any Policy:permit"
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-LimitedInternet match source-address any
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-LimitedInternet match destination-address any
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-LimitedInternet match application junos-http junos-https
    set security policies from-zone ZONE1 to-zone INTERNET policy ZONE1-LimitedInternet then permit application-services utm-policy ZONE1-UTM-Policy