On SRX, you can configure different types of web filtering. In this post, I would like to talk about:

  • Local Web Filtering
  • Enhanced Web Filtering

The topology of our setup is below. As you can see, we will filter HTTP requests sent by the PC towards the Internet.


Local Web Filtering

In this type of web filtering, we use URL filters configured locally on the device. It requires a bit of configuration, but you will find it intuitive after you have configured it several times.

First, create some custom objects.

As you can see, we create our objects (URLs or patterns) under url-pattern and
reference these objects under custom-url-category.

Now we create a feature profile in which we reference our local URL objects along
with the fallback settings.

“type juniper-local” is an important command to understand: we can have
multiple web filtering types, e.g. juniper-enhanced, and this command
tells Junos which one is active.

Now we need to assign this local profile to a UTM policy, e.g. wf-local.

We are almost done. We have finished the UTM config but haven’t assigned
it to the security policy from the TRUST zone to INTERNET. Until you assign
it to a policy, no action will be taken.

Now the UTM policy wf-local is assigned for this particular traffic. We are ready
to filter requests.

If the client PC tries to access a blocked site, it will receive the
“Juniper UTM firewall blocked this request” message defined in custom-block-message.
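The four local web filtering steps above, put together as one set of configuration-mode commands. This is an added example, not the configuration from the original post: wf-local, the TRUST and INTERNET zones and the block message come from the text, while the names blocked-sites, blocked-category, local-profile, trust-to-internet and the URL www.example.com are hypothetical. It assumes a Junos release that accepts url-blacklist under the web-filtering feature profile.

```junos
# Added example; names other than wf-local, TRUST and INTERNET are hypothetical.

# 1. Custom objects: URL patterns, grouped into a custom URL category.
set security utm custom-objects url-pattern blocked-sites value www.example.com
set security utm custom-objects custom-url-category blocked-category value blocked-sites

# 2. Feature profile: make juniper-local the active engine, blacklist the
#    custom category, and define default, block message and fallback behaviour.
set security utm feature-profile web-filtering type juniper-local
set security utm feature-profile web-filtering url-blacklist blocked-category
set security utm feature-profile web-filtering juniper-local profile local-profile default permit
set security utm feature-profile web-filtering juniper-local profile local-profile custom-block-message "Juniper UTM firewall blocked this request"
# Fallback decides what happens when the filter cannot evaluate a request.
# "block" fails closed; "log-and-permit" fails open.
set security utm feature-profile web-filtering juniper-local profile local-profile fallback-settings default block
set security utm feature-profile web-filtering juniper-local profile local-profile fallback-settings too-many-requests block

# 3. UTM policy: bind the local profile to HTTP traffic.
set security utm utm-policy wf-local web-filtering http-profile local-profile

# 4. Security policy: nothing is filtered until the UTM policy is attached here.
#    Assumes other policies handle non-HTTP traffic between these zones.
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet match source-address any
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet match destination-address any
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet match application junos-http
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet then permit application-services utm-policy wf-local

# After commit, check from operational mode:
#   show security utm web-filtering status
#   show security utm web-filtering statistics
```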

Enhanced Web Filtering

Enhanced filtering already has built-in categories. You just pick the ones you
like and set the action. Here we will block games and shopping sites and allow all others.

If you configured local web filtering in the previous step, the SRX will have
its filtering type set to local. Now we must change it to juniper-enhanced as below.

Create a new policy referencing the enhanced profile.

The config is now ready; all that is left is assigning the policy.

Now we have assigned the enhanced UTM policy wf-enhanced under the security policy.
If you try to access a shopping site, you will now receive the following error.
I don’t want to name any shopping site here :)

If you want to see the statistics and status of web filtering, you can run the following
operational commands.

