ScreenOS Firewalls (NOT SRX)
Reply
adi
Contributor
adi
Posts: 20
Registered: ‎10-24-2008
0

SSG5 and web filtering

HI

 

i have router ssg5 with firmware 6.3

 

how configurate web filtering without licence key?

 

in policy i havent drop list to select what category i want to use. 

Trusted Expert
sarab
Posts: 354
Registered: ‎05-12-2012
0

Re: SSG5 and web filtering

There are two options to configure Web-Filtering

 

1. Integrated -- Uses Juniper's Web-Filtering server

2. Redirected -- You need to have your own Web-Sense server

 

First one requires License , however you can configure second one without license.

Contributor
adgwytc
Posts: 81
Registered: ‎08-09-2010
0

Re: SSG5 and web filtering

Sarab has given you the best answer, however, as a little add on and my experience with firewalls (7 years) I would not use the actual firewall for anything other than, well, firewall. Use seperate boxes for each of the  "Nice to have's" that firewall companies now include.

 

The more things you have your firewall doing the slower it will become and throughput will drop dramatically.

adi
Contributor
adi
Posts: 20
Registered: ‎10-24-2008
0

Re: SSG5 and web filtering

so i can,t block site with category on ssg5 i must web sense server?

 

how create own server web sense? 

Trusted Expert
sarab
Posts: 354
Registered: ‎05-12-2012
0

Re: SSG5 and web filtering

Actually, in 6.3 even without License you can run a partial web Filtering on device : Web Filtering Whitelists and Blacklists Without a License-Web filtering supports the following features even if the license key is not installed or has expired: + Define custom categories and configure the WebSite you want to Allow/Block In WebGUI : Security > WEB Filtering > Categories > Custom + Define a profile and put the above categories in the Whitelist to allow the Permitted Category and in Blacklist the blocked category. Security > WEB Filtering > Profiles > Custom + Use this profile in the Policy. However the above method has come limitations. There is a limit on maximum number of websites that can be defined in a Category. This could be helpful when you just have few websites( Facebook, orkut & Mail Websites) which you want to block for users and permit everything else. However if you want to go for Redirect (WebSense) I believe you have to buy an external server and a License from WebSense.
Trusted Expert
sarab
Posts: 354
Registered: ‎05-12-2012
0

Re: SSG5 and web filtering

Actually, in 6.3 even without License you can run a partial web Filtering on device :

 

Web Filtering Whitelists and Blacklists Without a License—Web filtering supports the following features even if the license key is not installed or has expired:

 

+ Define custom categories and configure the WebSite you want to Allow/Block 

 

In WebGUI :

 

Security > WEB Filtering > Categories > Custom

 

+ Define a profile and put the above categories in the Whitelist to allow the Permitted Category and in Blacklist the blocked category.

 

  Security > WEB Filtering > Profiles > Custom

 

+ Use this profile in the Policy.

 

However the above method has come limitations. There is a limit on maximum number of websites that can be defined in a Category.

This could be helpful  when you just have few websites( Facebook, orkut & Mail Websites) which you want to block for users and permit everything else.

 

However if you want to go for Redirect (WebSense) I believe you have to buy an external server and a License from WebSense.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.