SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Juniper Enhanced using Websense server DOWN

    Posted 02-14-2014 05:39

    Hi All,

    Just putting this post up as unfortunately none of the KBs can solve my issue, which is:

     

    UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server DOWN

     

    I have a single license for Enhanced Web Filtering on an A/P cluster, and the license is properly installed on Node0.

    License usage:
                                  Licenses     Licenses    Licenses    Expiry
      name                            used    installed      needed
      wf_key_websense_ewf                1            1           0    2016-12-03 01:00:00 CET

     

     

    Here is my conf for Web-Filtering

     

        web-filtering {
            url-whitelist custwhiltelist;
            url-blacklist custblacklist;
            type juniper-enhanced;
            traceoptions {
                flag all;
            }
            surf-control-integrated {
                cache {
                    timeout 1800;
                    size 500;
                }
            }
            juniper-enhanced {
                cache {
                    timeout 1800;
                    size 500;
                }
                server {
                    host rp.cloud.threatseeker.com;
                    port 80;
                }
                profile junos-wf-enhanced-default {
                    category {
                        Enhanced_Hacking {
                            action block;
                        }
                        Enhanced_Abused_Drugs {
                            action block;
                        }
                        ###more categories###
                        Enhanced_Personals_and_Dating {
                            action block;
                        }
                    }
                    site-reputation-action {
                        very-safe permit;
                        moderately-safe log-and-permit;
                        fairly-safe log-and-permit;
                        harmful block;
                    }
                    default block;
                    custom-block-message "*** TRESCI BLOKOWANE! WYDZIAL INFORMATYKI UdSC ***";
                    fallback-settings {
                        server-connectivity log-and-permit;
                        timeout log-and-permit;
                        too-many-requests log-and-permit;
                    }
                    no-safe-search;
                }
            }
        }
    }
    utm-policy utm-protect {
        web-filtering {
            http-profile junos-wf-enhanced-default;
        }
    }

     

    I can ping/telnet to rp.cloud.threatseeker.com, but the service still shows DOWN status.

     

     

    root@node0-srx650> show security utm web-filtering status
    node0:
    --------------------------------------------------------------------------
    UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server DOWN

    node1:
    --------------------------------------------------------------------------
    UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server DOWN

     

     

    After committing the config I can observe the web filtering stats:

     

    root@node0-srx650> show security utm web-filtering statistics
    node0:
    --------------------------------------------------------------------------
    UTM web-filtering statistics:
    Total requests: 34278
    white list hit: 0
    Black list hit: 0
    Queries to server: 34278
    Server reply permit: 0
    Server reply block: 0
    Custom category permit: 0
    Custom category block: 0
    Site reputation permit: 0
    Site reputation block: 0
    Cache hit permit: 0
    Cache hit block: 0
    Safe-search redirect: 0
    Web-filtering sessions in total: 64000
    Web-filtering sessions in use: 533
    Fallback: log-and-permit block
    Default 0 0
    Timeout 0 0
    Connectivity 0 0
    Too-many-requests 0 0

     

     

    Does anyone know what could be preventing the service from changing its state to UP?

     

    Any ideas highly appreciated and welcome!

     

     

     

     



  • 2.  RE: Juniper Enhanced using Websense server DOWN

    Posted 02-18-2014 07:55

    Hello,

     

    Just thought I'd share an update.

     

    The server status is UP now 

     

    root@node1-srx650> show security utm web-filtering status
    node0:
    --------------------------------------------------------------------------
    UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server DOWN

    node1:
    --------------------------------------------------------------------------
    UTM web-filtering status:
    Server status: Juniper Enhanced using Websense server UP

     

     

    but now there are NO hints in the statistics and sites are not blocked based on the given categories

     

    node1:
    --------------------------------------------------------------------------
    UTM web-filtering statistics:
    Total requests: 5
    white list hit: 0
    Black list hit: 0
    Queries to server: 3
    Server reply permit: 0
    Server reply block: 0
    Custom category permit: 0
    Custom category block: 0
    Site reputation permit: 0
    Site reputation block: 0
    Cache hit permit: 0
    Cache hit block: 0
    Safe-search redirect: 0
    Web-filtering sessions in total: 64000
    Web-filtering sessions in use: 0
    Fallback: log-and-permit block
    Default 1 0
    Timeout 44685 0
    Connectivity 0 0
    Too-many-requests 0 0

     

     

    Policy still the same :

     

    root@node1-srx650> show security policies policy-name webfiltering detail
    node1:
    --------------------------------------------------------------------------
    Policy: webfiltering, action-type: permit, State: enabled, Index: 4, Scope Policy: 0
    Policy Type: Configured
    Sequence number: 2
    From zone: trust, To zone: untrust
    Source addresses:
    any-ipv4: 0.0.0.0/0
    any-ipv6: ::/0
    Destination addresses:
    any-ipv4: 0.0.0.0/0
    any-ipv6: ::/0
    Application: any
    IP protocol: 0, ALG: 0, Inactivity timeout: 0
    Source port range: [0-0]
    Destination port range: [0-0]
    Per policy TCP Options: SYN check: No, SEQ check: No
    Intrusion Detection and Prevention: disabled
    Unified Access Control: disabled
    Unified Threat Management: 0x06000003
    Session log: at-create, at-close

     

     

    policy webfiltering {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    utm-policy utm-protect;
                }
            }
        }
    }

    utm-policy utm-protect {
        web-filtering {
            http-profile junos-wf-enhanced-default;
        }
    }

     

     

    Here are the key summary points:

     

    - License in place and server UP

    - web filtering type set to juniper-enhanced

    - ntp synchronized with ATOM time server

    - http profile junos-wf-enhanced-default added to web-filtering, customized with predefined categories and action set to "block"

    - site-reputation-action configured

    - fallback-settings configured

    - top http policy "webfiltering" assigned from Trust to Untrust

    - Junos ver 11.4R9.4 means that EWF is supported

     

     

    Any ideas are very welcome!
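
Added example, not part of the original thread: with `fallback-settings` set to `log-and-permit`, as in the configuration above, requests the EWF server never answers are still permitted, so a server status of UP does not mean the categories are enforced. The Python sketch below parses `show security utm web-filtering statistics` output and flags that condition; the sample text is constructed from the counters quoted above, and `parse_stats`, `assess` and the 5% threshold are assumptions of this example.

```python
import re

# Constructed sample, modelled on the statistics output quoted in the thread.
# The totals are illustrative, not copied from the device.
SAMPLE = """\
UTM web-filtering statistics:
Total requests: 44689
Queries to server: 44686
Server reply permit: 0
Server reply block: 0
Fallback: log-and-permit block
Default 1 0
Timeout 44685 0
Connectivity 0 0
Too-many-requests 0 0
"""

FALLBACK_ROWS = ("Default", "Timeout", "Connectivity", "Too-many-requests")

def parse_stats(text):
    """Return (counters, fallback) parsed from the CLI output."""
    counters, fallback = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(.+?):\s*(\d+)", line)  # "Name: value" counters
        if m:
            counters[m.group(1).lower()] = int(m.group(2))
            continue
        m = re.fullmatch(r"(\S+)\s+(\d+)\s+(\d+)", line)  # fallback table rows
        if m and m.group(1) in FALLBACK_ROWS:
            fallback[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return counters, fallback

def assess(text, max_fail_open_ratio=0.05):
    """Flag a filter that passes traffic without ever getting a verdict."""
    counters, fallback = parse_stats(text)
    queries = counters.get("queries to server", 0)
    replies = counters.get("server reply permit", 0) + counters.get("server reply block", 0)
    fail_open = sum(permit for permit, _ in fallback.values())
    total = counters.get("total requests", 0)
    findings = []
    if queries and replies == 0:
        findings.append("no server verdicts for %d queries" % queries)
    if total and fail_open / total > max_fail_open_ratio:
        worst = max(fallback, key=lambda k: fallback[k][0])
        findings.append("%d requests permitted by fallback, mostly %s" % (fail_open, worst))
    return findings
```

Run against periodic captures of the command output, a non-empty result from `assess` is a reasonable trigger for an alert that web filtering is not being enforced.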

     



  • 3.  RE: Juniper Enhanced using Websense server DOWN
    Best Answer

    Posted 02-26-2014 00:34

    Hello,

     

    I would just like to share my solution.

    "Juniper Enhanced using Websense server DOWN" was caused by the license, which had to be installed again. Somehow the license was lost after being registered by the Serial Number of the box 😄

    Even when the server went UP I couldn't see any web blocking logs. Blocked categories just didn't work as expected. I didn't have any web statistics either.

    My solution was just this:

     

    1. Change the EWF server to: cluster-k.cloud.threatseeker.com. The most well known server address is "rp.cloud.threatseeker.com" which didn't work for me even though I could reach it.

     

    2. It's also good to check the connection.

     

    >traceroute monitor cluster-k.cloud.threatseeker.com

     

    3. Move/Set the EWF security policy to the top. Make sure that it's matched before the IDP policy if you have any!

    #edit security policies from-zone trust to-zone untrust
    #insert policy ewf-policy before policy idp-policy
    #top
    #commit

     

     

    Have Fun! 



  • 4.  RE: Juniper Enhanced using Websense server DOWN

    Posted 06-09-2014 01:35

    Hi, I am facing the same issue. I have posted my query at the following link:

    (http://forums.juniper.net/t5/SRX-Services-Gateway/Enhanced-Web-Filtering-Not-Working/td-p/244634)

    As per your advice I have changed the ThreatSeeker cloud server to the other one mentioned in your post, and there is 100% connectivity with both servers. Earlier I had added a trial license for Junos 11.4 R .....(below 9) and there were no logs available for Enhanced Web Filtering, but after reading your post I have upgraded Junos to 12.1.... and now Enhanced Web Filtering logs are being written to specific log files, which means it is now working, but no query response is received from the server ... any guidance to resolve the issue, please?