06-14-2012 05:55 AM
There are two options to configure Web-Filtering
1. Integrated -- Uses Juniper's Web-Filtering server
2. Redirected -- You need to have your own Web-Sense server
First one requires License , however you can configure second one without license.
06-14-2012 07:41 AM
Sarab has given you the best answer, however, as a little add on and my experience with firewalls (7 years) I would not use the actual firewall for anything other than, well, firewall. Use seperate boxes for each of the "Nice to have's" that firewall companies now include.
The more things you have your firewall doing the slower it will become and throughput will drop dramatically.
06-15-2012 03:14 AM
06-15-2012 04:03 AM
Actually, in 6.3 even without License you can run a partial web Filtering on device :
Web Filtering Whitelists and Blacklists Without a License—Web filtering supports the following features even if the license key is not installed or has expired:
+ Define custom categories and configure the WebSite you want to Allow/Block
In WebGUI :
Security > WEB Filtering > Categories > Custom
+ Define a profile and put the above categories in the Whitelist to allow the Permitted Category and in Blacklist the blocked category.
Security > WEB Filtering > Profiles > Custom
+ Use this profile in the Policy.
However the above method has come limitations. There is a limit on maximum number of websites that can be defined in a Category.
This could be helpful when you just have few websites( Facebook, orkut & Mail Websites) which you want to block for users and permit everything else.
However if you want to go for Redirect (WebSense) I believe you have to buy an external server and a License from WebSense.