Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  question for web filtering

    Posted 09-17-2015 20:44

    Hi guys,

     

    We need the feature that it can block the Internet traffic base on time. For example, we want to block certain web sites from 9am to 12pm, and 1pm to 5pm on the work days. Which protocol I should use?There are three "Protocol" we can choose from the Web Filtering. Which one we should choose? What is the difference between a SurfControl server and Websens server?


    I tried to block certain websites without using server by configuring the Custom categories. The http version can be blocked, but not the https ones. Can you please give a suggestion? If we purchase the "SurfControl server" or "Websens server", can we block https?

     

    Thank you for your response.

     

    Regards

     

     

     

     

     



  • 2.  RE: question for web filtering

    Posted 09-17-2015 21:41

    Hi,

     

    You can try configuring scheduling in a policy to get the time based internet access.

     

    Please follow the below KB:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB4123

     

    Cheers,

    Dipanshu



  • 3.  RE: question for web filtering

    Posted 09-18-2015 09:46

    To add to this, if you are running 6.2 and higher, you can block HTTPS if you use WebSense redirect.

     

    https://www.juniper.net/techpubs/software/screenos/screenos6.2.0/rn-620r18-rev02.pdf, page 21

     

    Redirect Web Filtering of HTTPS Traffic - ScreenOS 6.2.0 includes the ability to
    redirect and filter HTTPS traffic using Websense URL filtering. Prior releases only
    allowed redirect of HTTP traffic. As with the earlier HTTP-only implementation, this
    enhancement allows the device to intercept the first HTTPS request for each new TCP
    connection and then sends a request to Websense to determine whether or not the
    request should be blocked.



  • 4.  RE: question for web filtering

     
    Posted 09-18-2015 09:43

    Hello,

     

    https traffic filtering using web filtering option is supported only with web filter redirect which requires websense server.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB24776&actp=RSS

     

    As web filtering is applied under policy, you can configure scheduling as mentioned by BhatnagarD.

     

    Regards,

     

    Rushi

     



  • 5.  RE: question for web filtering

    Posted 09-19-2015 23:08

    Thank you guys.

     

    We are going to use Websense to achieve it. Is there a external Websense server which Websnese can provide? That will be much more convenient since we just need to purchase the service from Websense. Or we have to setup a internal Websense server for this?

     

     



  • 6.  RE: question for web filtering

    Posted 09-21-2015 16:56

    Anyone knows? Thank you....



  • 7.  RE: question for web filtering
    Best Answer

    Posted 09-21-2015 17:22

    It requires an internal server that you maintain.  Yolu would need to purchase the license for the Websense software from Websense directly.



  • 8.  RE: question for web filtering

    Posted 09-21-2015 22:39

    Awsome, thank you very much.