Example: Configuring Content Filtering Feature Profiles (CLI)

After you create your custom objects, configure the content-filtering feature profile:

1. Create the content-filtering profile. The following example creates the confilter1 profile:
   user@host# set security utm feature-profile content-filtering profile confilter1
2. Apply protocol block command custom objects to the content-filtering profile. The following example applies the ftpprotocom1protocol command list custom object to the confilter1 feature profile:
   user@host# set security utm feature-profile content-filtering profile confilter1 block-command ftpprotocom1
3. Apply blocks to other available content. The list of content types available from the “block-content-type” command are only supported for HTTP blocking. The following example applies blocks to java applets, executable files, and HTTP cookies:
   user@host# set security utm feature-profile content-filtering profile confilter1 block-content-type java-applet exe http-cookie
4. Apply extension list custom objects to the content-filtering profile for blocking extensions. The following example applies the extlist2 custom object to the confilter1 content-filtering profile:
   user@host# set security utm feature-profile content-filtering profile confilter1block-extension extlist2
5. Apply MIME pattern list custom objects to the content-filtering profile for blocking MIME types. If configured, you can also apply a MIME exception list. The following example applies the cfmime1 and ex-cfmime1 lists to the confilter1 profile:
   user@host# set security utm feature-profile content-filtering profile confilter1 block-mime list cfmime1 exception ex-cfmime1
6. Apply protocol permit command custom objects to the content-filtering profile. (The permit protocol command list is intended to act as an exception list for the block protocol command list.) The following example applies the ftpprotocom2 protocol permit command custom object to the confilter1 profile:
   user@host# set security utm feature-profile content-filtering profile confilter1 permit-command ftpprotocom2

   Note: Protocol command lists, both permit and block, are created by using the same custom object.

7. Configure the notification options. You can configure notifications with custom messages or specify that no notifications be sent. In this example, you configure a custom message and send a notification message:
   user@host# set security utm feature-profile content-filtering profile confilter1 notification-options custom-message “the action is not taken” notify-mail-sender type message

Related Topics

JUNOS Software Feature Support Reference for SRX Series and J Series Devices