[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Configuring Integrated Web Filtering Feature Profiles (CLI)

After you create your custom objects, configure the surf-control-integrated Web filtering feature profile:

  1. If you are using included global whitelist and blacklist categories, select those global categories. This is the first filtering category that both integrated and redirect Web filtering use. If no match is made, the URL is forwarded to the SurfControl server. The following example selects the Drugs_Alcohol_Tobacco blacklist and the Computing_Internet whitelist:

    user@host# set security utm feature-profile web-filtering url-blacklist Drugs_Alcohol_Tobaccouser@host# set security utm feature-profile web-filtering url-whitelist Computing_Internet

  2. Select surf-control-integrated as your Web filtering engine:

    user@host# set security utm feature-profile web-filtering surf-control-integrated

  3. Set the cache size parameters for surf-control-integrated Web filtering (500 KB is the default). The following example sets the cache size to 500:

    user@host# set security utm feature-profile web-filtering surf-control-integrated cache size 500

  4. Set the cache timeout parameters for surf-control-integrated Web filtering (24 hours is the default and the maximum allowed life span). The following example sets the timeout to 1800:

    user@host# set security utm feature-profile web-filtering surf-control-integrated cache timeout 1800

  5. Set the Surf Control server name or IP address. The following example sets the surfcontrolserver hostname:

    user@host# set security utm feature-profile web-filtering surf-control-integrated server host surfcontrolserver

  6. Enter the port number for communicating with the Surf Control server. (Default ports are 80, 8080, and 8081.) The following example sets the port number to 8080:

    user@host# set security utm feature-profile web-filtering surf-control-integrated server port 8080

  7. Create a surf-control-integrated profile name. The following example creates the surfprofile1 profile:

    user@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1

  8. Select a category from the included whitelist and blacklist categories or select a custom URL category list you created for filtering against. Then enter an action (permit, log and permit, block) to go with the filter as follows (do this as many time as necessary to compile your whitelists and blacklists and their accompanying actions). The following example blocks URLs in the custurl2 category:

    user@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 category custurl2 action block

  9. Enter a custom message to be sent when HTTP requests are blocked. The following example configures the device to send an ***acces denied*** message:

    user@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 custom-block-message ***access denied***

  10. Select a default action (permit, log and permit, block) for this profile for requests that experience errors. The following example sets the default action to block:

    user@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 default block

  11. Select fallback settings (block or log and permit) for this profile. The fallback actions are taken when errors in each configured category occur. The following example sets fallback settings to block:

    user@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 fallback-settings default blockuser@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 fallback-settings server-connectivity blockuser@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 fallback-settings timeout blockuser@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 fallback-settings too-many-requests block

  12. Enter a timeout value, in seconds. Once this limit is reached, fail mode settings are applied. The default here is 10 seconds. You can enter a value from 10 to 240 seconds. The following example sets the timeout value to 10:

    user@host# set security utm feature-profile web-filtering surf-control-integrated profile surfprofile1 timeout 10

Related Topics

JUNOS Software Feature Support Reference for SRX Series and J Series Devices

[Contents] [Prev] [Next] [Index] [Report an Error]


[an error occurred while processing this directive]