profile (Explicit Proxy)
Syntax
profile name {
default-policy(deny-all | permit-all);
policy name {
description description;
match {
destination-address;
destination-address-excluded;
destination-identity-feed [ destination-identity-feed ... ];
dynamic-application;
application;
source-address;
source-address-excluded;
source-identity;
source-identity-feed [ source-identity-feed ... ];
source-end-user-profile< source-end-user-profile-name>;
url-category;
}
report-skip;
scheduler-name scheduler-name;
then {
deny {
application-services {
security-intelligence {
add-destination-identity-to-feed name-of-feed;
add-destination-ip-to-feed name-of-feed;
add-source-identity-to-feed name-of-feed;
add-source-ip-to-feed name-of-feed;
}
}
}
log {
profile profile;
session-close;
session-init;
session-update minutes;
}
permit {
advanced-connection-tracking;
application-services {
advanced-anti-malware-policy advanced-anti-malware-policy;
anti-virus-policy anti-virus-policy;
application-traffic-control {
rule-set rule-set;
}
icap-redirect icap-redirect;
idp-policy idp-policy;
packet-capture;
security-intelligence {
add-destination-identity-to-feed name-of-feed;
add-destination-ip-to-feed name-of-feed;
add-source-identity-to-feed name-of-feed;
add-source-ip-to-feed name-of-feed;
}
security-intelligence-policy security-intelligence-policy;
ssl-proxy {
profile-name profile-name;
}
utm-policy utm-policy;
destination-address {
(drop-translated | drop-untranslated);
}
firewall-authentication {
pass-through {
access-profile access-profile;
auth-only-browser;
auth-user-agent name;
client-match [ client-match ... ];
ssl-termination-profile ssl-termination-profile;
web-authentication-server web-authentication-server;
web-redirect;
web-redirect-to-https;
}
user-firewall {
access-profile access-profile;
auth-only-browser;
auth-user-agent name;
domain domain;
ssl-termination-profile ssl-termination-profile;
web-authentication-server web-authentication-server;
web-redirect;
web-redirect-to-https;
}
web-authentication {
client-match [ client-match ... ];
}
push-to-identity-management;
}
no-services-offload;
tcp-options {
initial-tcp-mss initial-tcp-mss;
reverse-tcp-mss reverse-tcp-mss;
sequence-check-required;
syn-check-required;
window-scale;
}
tunnel {
ipsec-vpn ipsec-vpn;
pair-policy pair-policy;
}
tunnel-inspection profile-name;
}
reject {
application-services {
security-intelligence {
add-destination-identity-to-feed name-of-feed;
add-destination-ip-to-feed name-of-feed;
add-source-identity-to-feed name-of-feed;
add-source-ip-to-feed name-of-feed;
}
}
profile profile;
ssl-proxy {
profile-name profile-name;
}
}
count {
}
}
}Hierarchy Level
[edit logical-systems name tenants name security policies explicit-proxy], [edit security policies explicit-proxy], [edit tenants name security policies explicit-proxy]
Description
Define a explicit proxy profile policy context.
The SRX Series Firewall applies security enforcement based on the rules created in the explicit web proxy profile policy.
Options
| name |
Explicit proxy profile name |
| default-policy |
Default policy action when no policy matches in rulebase.
|
| policy |
Define security policy for explicit proxy profile. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 23.4R1.