JNCIS-SEC [ Web Filtering ]

There are three types of Web Filtering solutions:

1) Integrated Web Filtering: This solution intercepts every HTTP request in a TCP connection. The device then identifies the category of the URL, either from user-defined categories or from a category server (SurfControl Content Portal by Websense).

2) Redirect Web Filtering: This solution intercepts HTTP requests and sends them to an external URL filtering server (Websense) to determine whether the URL is to be blocked.

3) Local Web Filtering: This solution intercepts every HTTP request, and the device looks up the URL to determine whether it is in the whitelist or blacklist based on its user-defined category.

*TIP: Web filtering profiles, antivirus profiles, or both can be applied to a firewall policy. If both are applied, web filtering is applied first and then antivirus. If the URL is blocked, the TCP connection is closed and no antivirus scanning is performed.

Configuring Integrated Web Filtering

Custom Objects

[edit security utm custom-objects]
root@host# show
url-pattern {
    url-list-1 {
        value http://www.example.com;
    }
    url-list-black {
        value [ http://www.example2.com 7.7.7.7 ];
    }
    url-list-white {
        value [ http://www.example3.com 1.1.1.1 ];
    }
}
custom-url-category {
    cust-list-1 {
        value url-list-1;
    }
    cust-list-black {
        value url-list-black;
    }
    cust-list-white {
        value url-list-white;
    }
}

Feature Profile

[edit security utm]
root@host# show feature-profile
web-filtering {
    url-whitelist cust-list-white;
    url-blacklist cust-list-black;
    type juniper-local;
    surf-control-integrated {
        cache {
            timeout 1700;
            size 500;
        }
        server {
            host surfcontrol.surfcontrol.com;
        }
        profile surfprofile1 {
            category {
                cust-list-1 {
                    action block;
                }
            }
            default block;
            custom-block-message "***ACCESS DENIED***";
            fallback-settings {
                default block;
                server-connectivity block;
                timeout block;
                too-many-requests block;
            }
            timeout 10;
        }
    }
}

UTM Policy

[edit security utm]
root@host# show | find utm-policy
utm-policy utm-pol1 {
    web-filtering {
        http-profile surfprofile1;
    }
}

FIXME: Not complete yet
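
As the TIP above notes, a UTM policy is applied through a firewall policy, a step this page does not show. The following is an added example, not part of the original post, that attaches utm-pol1 to a security policy; the zone names trust and untrust and the policy name web-out are assumptions.

```junos
[edit security policies from-zone trust to-zone untrust]
root@host# show
/* Assumed policy name and zones; only utm-pol1 comes from this page */
policy web-out {
    match {
        source-address any;
        destination-address any;
        /* Web filtering inspects HTTP requests, so match HTTP traffic */
        application junos-http;
    }
    then {
        permit {
            application-services {
                /* Permitted sessions are handed to the UTM policy, which */
                /* references the web filtering profile surfprofile1 */
                utm-policy utm-pol1;
            }
        }
    }
}
```

The UTM policy is attached under the permit action, so traffic that is denied by the firewall policy never reaches web filtering.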

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE