Enhanced Web Filtering, SRX 5400

Hello ,

Can you increase the cache size from 500 to 1500 and check this again .

Hi Sam;

Thanks for ypu reply, I tried increasing the cache to 1500 but the it didn't fix the issue. The only figure that is increasing is the "Too-many-requests" in the web-filter statistics

Regards

Ibrahim

hello ,

Your configuration seems to be correct .  Do you have the traceoption enabled ? if so please attach the log file . Also if there is too many request , it should hit the "log-and-permit " . But not sure why its getting blocked .

Can you try re-loading the same configuration and try doing a "commit full " .

According to feature explorer, the enhanced web filtering is still only supported by the branch model SRX devices.

http://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=3280&fn=Enhanced+Web+Filtering

Hello ,

I guess its supported from  12.1X46  .

UTM on next-generation SPC [SRX5400, SRX5600 and SRX5800]—This feature provides support for UTM features, including Sophos antivirus, content filtering, antispam, and enhanced Web filtering on next-generation SPCs.

http://www.juniper.net/techpubs/en_US/junos12.1x46/information-products/topic-collections/release-no...

Hi Sam;

I reloaded the configuration using commit full but the issue exists, and you are correct about the too many requests as they are hitting the log-and-permit, however all other statistics are 0 and I can't browse.

There is also a point that I would like to illustrate, when I tried to check to configuration using the J-web I couldn't find the tab of the UTM under the security tab at all.

Regards

Ibrahim

Hello ,

Can you share the Licence information from your device :

> show system licences

> show system uptime

Hi Sam;

Please find the information regarding the license information below:

root> show system license
License usage:
                                                             Licenses                 Licenses                  Licenses                   Expiry
Feature name                                           used                  installed                     needed
idp-sig                                                               1                               1                                 0                   2016-03-01 03:00:00 EAT
appid-sig                                                          0                               1                                  0                  2016-03-01 03:00:00 EAT
logical-system                                                 1                               1                                  0                  permanent
wf_key_websense_ewf                                 1                               1                                  0                  2015-07-23 03:00:00 EAT

Licenses installed:
     License identifier: JUNOS607146
     License version: 4
     Valid for device: JN123CCBDAGF
     Features:
          idp-sig                  - IDP Signature
              date-based, 2015-03-03 03:00:00 EAT - 2016-03-01 03:00:00 EAT

     License identifier: JUNOS607148
     License version: 4
     Valid for device: JN123CCBDAGF
     Features:
          appid-sig            - APPID Signature
                date-based, 2015-03-03 03:00:00 EAT - 2016-03-01 03:00:00 EAT

     License identifier: JUNOS644809
     License version: 4
     Valid for device: JN123CCBDAGF
     Features:
        wf_key_websense_ewf - Web Filtering EWF
            date-based, 2015-06-23 03:00:00 EAT - 2015-07-23 03:00:00 EAT

root> show system uptime
node0:
--------------------------------------------------------------------------
Current time:    2015-06-30 09:26:06 EAT
System booted:    2015-05-28 02:08:58 EAT (4w5d 07:17 ago)
Protocols started:    2015-05-28 03:00:25 EAT (4w5d 06:25 ago)
Last configured:    2015-06-30 09:05:17 EAT (00:20:49 ago) by root
9:26AM up 33 days, 7:17, 2 users, load averages: 0.06, 0.02, 0.04

node1:
--------------------------------------------------------------------------
Current time:    2015-06-30 09:25:46 EAT
System booted:    2015-05-28 05:30:16 EAT (4w5d 03:55 ago)
Last configured:    2015-06-30 09:04:57 EAT (00:20:49 ago) by root
9:25AM up 33 days, 3:56, 0 users, load averages: 0.00, 0.01, 0.00

Regards

Ibrahim

Hello ,

Thanks for the output .  While I was going through the  doccument , I poined out this in my previous update , the UTM feature on SRX5400 is supported on Next-gen SPcs :

UTM on next-generation SPC [SRX5400, SRX5600 and SRX5800]—This feature provides support for UTM features, including Sophos antivirus, content filtering, antispam, and enhanced Web filtering on " next-generation SPCs ".

But I have seen it work with current gen SPCs also . But here the issue is that all your web traffic is blocked when you enable the UTM EWF  . So need to check this by applying flow traces and UTM traceoptions .

Also adviced to open a JTAC ticket to troubleshoot this in detail .  Will it be possible to test this aftre an upgrade to 12.1X47 ?

Hello Sam;

Thanks for your reply, I will configure traceoptions and share the output from them, furthermore I will investigate the possibility of upgrading the firewall since it is working in production enviroment.

Best Regards

Ibrahim

Hello ,

Thanks for the update , keep us posted on the traces and upgarde .