Enhanced Web Filtering, SRX 5400
Hello Everyone;
I am configuring an SRX 5400 with Juniper Enhanced web-filtering.
When I commit the configuration I can't browse anymore, as the browser shows all pages as not available (timeout).
Below is the configuration I used on the firewall:
traceoptions {
    flag all;
}
application-proxy {
    traceoptions {
        flag all;
    }
}
feature-profile {
    web-filtering {
        type juniper-enhanced;
        traceoptions {
            flag all;
        }
        juniper-enhanced {
            cache {
                timeout 1800;
                size 500;
            }
            server {
                host rp.cloud.threatseeker.com;
                port 80;
            }
            profile TEST {
                category {
                    Enhanced_Adult_Content {
                        action block;
                    }
                    Enhanced_Adult_Material {
                        action block;
                    }
                    Enhanced_Gay_or_Lesbian_or_Bisexual_Interest {
                        action block;
                    }
                    Enhanced_Nudity {
                        action block;
                    }
                    Enhanced_Sex {
                        action block;
                    }
                    Enhanced_Sex_Education {
                        action block;
                    }
                }
                default permit;
                custom-block-message "***access denied ***";
                fallback-settings {
                    default log-and-permit;
                    server-connectivity log-and-permit;
                    timeout log-and-permit;
                    too-many-requests log-and-permit;
                }
                timeout 120;
            }
        }
    }
}
utm-policy Filtering {
    web-filtering {
        http-profile TEST;
    }
}
As for the policy configuration:
from-zone trust to-zone untrust {
    policy trust-untrust {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    utm-policy Filtering;
                }
            }
            log {
                session-close;
            }
        }
    }
}
When I check the server status I can see that it is up as seen in the following command:
root# run show security utm web-filtering status
node0:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server UP
node1:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN
An important note I came across is that all statistics in the webfilter are 0 except for the "Too-many-requests" field, which was increasing while I was trying to browse the web.
My software version is [12.1X46-D25.7] and I am using the firewall in cluster mode, as appears from the above configuration.
Did I miss anything in my setup?
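The status output in the post above reports a different EWF server state on each cluster node. As an added example (not part of the original post, and not Juniper code), this Python sketch parses that output per node and lists the nodes that are not UP; the function names are assumptions of the example, and the sample text is the output quoted in the post.

```python
import re

# Output of "show security utm web-filtering status" as quoted in the post.
STATUS_SAMPLE = """\
node0:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server UP
node1:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN
"""

NODE_RE = re.compile(r"^(node\d+):\s*$")
STATUS_RE = re.compile(r"^\s*Server status:\s*(.*?)\s+(UP|DOWN)\s*$")


def parse_ewf_status(text):
    """Return {node: (server_description, 'UP' or 'DOWN')}.

    Output without node headers (a non-clustered device) is filed
    under the key 'standalone'.
    """
    result, node = {}, "standalone"
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:
            node = m.group(1)  # following lines belong to this node
            continue
        m = STATUS_RE.match(line)
        if m:
            result[node] = (m.group(1), m.group(2))
    return result


def nodes_down(text):
    """Sorted list of nodes whose EWF server state is not UP."""
    status = parse_ewf_status(text)
    return sorted(n for n, (_, state) in status.items() if state != "UP")


if __name__ == "__main__":
    for node, (server, state) in parse_ewf_status(STATUS_SAMPLE).items():
        print(f"{node}: {server} -> {state}")
    print("nodes needing attention:", nodes_down(STATUS_SAMPLE))
```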
Re: Enhanced Web Filtering, SRX 5400
Hello,
Can you increase the cache size from 500 to 1500 and check this again?
Thanks,
Sam
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
Re: Enhanced Web Filtering, SRX 5400
Hi Sam;
Thanks for your reply. I tried increasing the cache to 1500 but it didn't fix the issue. The only figure that is increasing is the "Too-many-requests" in the web-filter statistics.
Regards
Ibrahim
Re: Enhanced Web Filtering, SRX 5400
Hello,
Your configuration seems to be correct. Do you have the traceoption enabled? If so, please attach the log file. Also, if there are too many requests, it should hit the "log-and-permit". But not sure why it's getting blocked.
Can you try re-loading the same configuration and try doing a "commit full"?
Thanks,
Sam
Re: Enhanced Web Filtering, SRX 5400
According to feature explorer, the enhanced web filtering is still only supported by the branch model SRX devices.
http://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=3280&fn=Enhanced+Web+Filtering
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Re: Enhanced Web Filtering, SRX 5400
Hello,
I guess it's supported from 12.1X46.
UTM on next-generation SPC [SRX5400, SRX5600 and SRX5800]—This feature provides support for UTM features, including Sophos antivirus, content filtering, antispam, and enhanced Web filtering on next-generation SPCs.
Thanks,
Sam
Re: Enhanced Web Filtering, SRX 5400
Hi Sam;
I reloaded the configuration using commit full but the issue exists, and you are correct about the too many requests as they are hitting the log-and-permit, however all other statistics are 0 and I can't browse.
There is also a point that I would like to illustrate: when I tried to check the configuration using J-Web, I couldn't find the UTM tab under the security tab at all.
Regards
Ibrahim
Re: Enhanced Web Filtering, SRX 5400
Hello,
Can you share the licence information from your device:
> show system license
> show system uptime
Thanks,
Sam
Re: Enhanced Web Filtering, SRX 5400
Hi Sam;
Please find the information regarding the license information below:
root> show system license
License usage:
                         Licenses    Licenses    Licenses    Expiry
  Feature name               used   installed      needed
  idp-sig                       1           1           0    2016-03-01 03:00:00 EAT
  appid-sig                     0           1           0    2016-03-01 03:00:00 EAT
  logical-system                1           1           0    permanent
  wf_key_websense_ewf           1           1           0    2015-07-23 03:00:00 EAT

Licenses installed:
  License identifier: JUNOS607146
  License version: 4
  Valid for device: JN123CCBDAGF
  Features:
    idp-sig - IDP Signature
      date-based, 2015-03-03 03:00:00 EAT - 2016-03-01 03:00:00 EAT

  License identifier: JUNOS607148
  License version: 4
  Valid for device: JN123CCBDAGF
  Features:
    appid-sig - APPID Signature
      date-based, 2015-03-03 03:00:00 EAT - 2016-03-01 03:00:00 EAT

  License identifier: JUNOS644809
  License version: 4
  Valid for device: JN123CCBDAGF
  Features:
    wf_key_websense_ewf - Web Filtering EWF
      date-based, 2015-06-23 03:00:00 EAT - 2015-07-23 03:00:00 EAT
root> show system uptime
node0:
--------------------------------------------------------------------------
Current time: 2015-06-30 09:26:06 EAT
System booted: 2015-05-28 02:08:58 EAT (4w5d 07:17 ago)
Protocols started: 2015-05-28 03:00:25 EAT (4w5d 06:25 ago)
Last configured: 2015-06-30 09:05:17 EAT (00:20:49 ago) by root
9:26AM up 33 days, 7:17, 2 users, load averages: 0.06, 0.02, 0.04
node1:
--------------------------------------------------------------------------
Current time: 2015-06-30 09:25:46 EAT
System booted: 2015-05-28 05:30:16 EAT (4w5d 03:55 ago)
Last configured: 2015-06-30 09:04:57 EAT (00:20:49 ago) by root
9:25AM up 33 days, 3:56, 0 users, load averages: 0.00, 0.01, 0.00
Regards
Ibrahim
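A way to check the license usage table posted above against the device clock from the same post, as an added example (not part of the original post, and not Juniper code). The function names and the 30-day warning window are assumptions of the example; the sample rows are those quoted in the post.

```python
import re
from datetime import date

# Usage rows from "show system license" as quoted in the post.
LICENSE_SAMPLE = """\
Feature name used installed needed
idp-sig 1 1 0 2016-03-01 03:00:00 EAT
appid-sig 0 1 0 2016-03-01 03:00:00 EAT
logical-system 1 1 0 permanent
wf_key_websense_ewf 1 1 0 2015-07-23 03:00:00 EAT
"""

# name, used, installed, needed, then "permanent" or an expiry date.
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(permanent|\d{4}-\d{2}-\d{2})\b")


def parse_license_usage(text):
    """Return {feature: {'used', 'installed', 'needed', 'expiry'}}."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, blank line, or the "Licenses installed" part
        name, used, installed, needed, expiry = m.groups()
        rows[name] = {
            "used": int(used), "installed": int(installed),
            "needed": int(needed),
            # Time of day and time zone are ignored: whole days only.
            "expiry": None if expiry == "permanent"
            else date.fromisoformat(expiry),
        }
    return rows


def days_left(text, today):
    """Days until expiry per feature; None = permanent, negative = expired."""
    return {name: None if r["expiry"] is None else (r["expiry"] - today).days
            for name, r in parse_license_usage(text).items()}


def needs_attention(text, today, warn_days=30):
    """Features short of licenses, expired, or expiring within warn_days."""
    left = days_left(text, today)
    rows = parse_license_usage(text)
    return sorted(n for n, r in rows.items()
                  if r["needed"] > 0
                  or (left[n] is not None and left[n] <= warn_days))


if __name__ == "__main__":
    today = date(2015, 6, 30)  # "Current time" in the uptime output above
    print(days_left(LICENSE_SAMPLE, today))
    print("check:", needs_attention(LICENSE_SAMPLE, today))
```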
Re: Enhanced Web Filtering, SRX 5400
Hello,
Thanks for the output. While I was going through the document, I pointed out this in my previous update: the UTM feature on SRX5400 is supported on next-gen SPCs:
UTM on next-generation SPC [SRX5400, SRX5600 and SRX5800]—This feature provides support for UTM features, including Sophos antivirus, content filtering, antispam, and enhanced Web filtering on "next-generation SPCs".
But I have seen it work with current-gen SPCs also. But here the issue is that all your web traffic is blocked when you enable the UTM EWF. So need to check this by applying flow traces and UTM traceoptions.
Also advised to open a JTAC ticket to troubleshoot this in detail. Will it be possible to test this after an upgrade to 12.1X47?
Thanks,
Sam
Re: Enhanced Web Filtering, SRX 5400
Hello Sam;
Thanks for your reply. I will configure traceoptions and share the output from them; furthermore, I will investigate the possibility of upgrading the firewall, since it is working in a production environment.
Best Regards
Ibrahim
Re: Enhanced Web Filtering, SRX 5400
Hello,
Thanks for the update, keep us posted on the traces and upgrade.
Thanks,
Sam