SRX Services Gateway

Enhanced Web Filtering, SRX 5400

06-29-2015 01:16 AM

Hello Everyone;

I am configuring an SRX 5400 with Juniper Enhanced web-filtering.

When I commit the configuration I can't browse anymore, as the browser shows all pages as not available (time out).

Below is the configuration I used on the firewall:


traceoptions {
    flag all;
}
application-proxy {
    traceoptions {
        flag all;
    }
}
feature-profile {
    web-filtering {
        type juniper-enhanced;
        traceoptions {
            flag all;
        }
        juniper-enhanced {
            cache {
                timeout 1800;
                size 500;
            }
            server {
                host rp.cloud.threatseeker.com;
                port 80;
            }
            profile TEST {
                category {
                    Enhanced_Adult_Content {
                        action block;
                    }
                    Enhanced_Adult_Material {
                        action block;
                    }
                    Enhanced_Gay_or_Lesbian_or_Bisexual_Interest {
                        action block;
                    }
                    Enhanced_Nudity {
                        action block;
                    }
                    Enhanced_Sex {
                        action block;
                    }
                    Enhanced_Sex_Education {
                        action block;
                    }
                }
                default permit;
                custom-block-message "***access denied ***";
                fallback-settings {
                    default log-and-permit;
                    server-connectivity log-and-permit;
                    timeout log-and-permit;
                    too-many-requests log-and-permit;
                }
                timeout 120;
            }
        }
    }
}
utm-policy Filtering {
    web-filtering {
        http-profile TEST;
    }
}

As for the policy configuration:

from-zone trust to-zone untrust {
    policy trust-untrust {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    utm-policy Filtering;
                }
            }
            log {
                session-close;
            }
        }
    }
}

When I check the server status I can see that it is up as seen in the following command:

root# run show security utm web-filtering status


node0:
--------------------------------------------------------------------------
    UTM web-filtering status:
             Server status: Juniper Enhanced using Websense server UP

node1:
--------------------------------------------------------------------------
    UTM web-filtering status:
             Server status: Juniper Enhanced using Websense server DOWN

An important note I came across is that all statistics in the webfilter are 0 except for the "Too-many-requests" field, which was increasing while I was trying to browse the web.

My software version is [12.1X46-D25.7] and I am using the firewall in cluster mode, as appears from the above configuration.

Did I miss anything in my setup?

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 02:07 AM

Hello,

Can you increase the cache size from 500 to 1500 and check this again?

Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
Re: Enhanced Web Filtering, SRX 5400

06-29-2015 04:27 AM

Hi Sam;

Thanks for your reply. I tried increasing the cache to 1500 but it didn't fix the issue. The only figure that is increasing is the "Too-many-requests" in the web-filter statistics.

Regards

Ibrahim

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 05:35 AM

Hello,

Your configuration seems to be correct. Do you have the traceoptions enabled? If so, please attach the log file. Also, if there are too many requests, it should hit the "log-and-permit". But not sure why it's getting blocked.

Can you try reloading the same configuration and doing a "commit full"?

Thanks,
Sam

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 05:51 AM

According to feature explorer, the enhanced web filtering is still only supported by the branch model SRX devices.

http://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=3280&fn=Enhanced+Web+Filtering

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Re: Enhanced Web Filtering, SRX 5400

06-29-2015 06:44 AM

Hello,

I guess it's supported from 12.1X46.

UTM on next-generation SPC [SRX5400, SRX5600 and SRX5800]—This feature provides support for UTM features, including Sophos antivirus, content filtering, antispam, and enhanced Web filtering on next-generation SPCs.

http://www.juniper.net/techpubs/en_US/junos12.1x46/information-products/topic-collections/release-no...

Thanks,
Sam

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 11:19 PM

Hi Sam;

I reloaded the configuration using commit full but the issue exists, and you are correct about the too many requests as they are hitting the log-and-permit; however, all other statistics are 0 and I can't browse.

There is also a point that I would like to illustrate: when I tried to check the configuration using the J-Web I couldn't find the UTM tab under the security tab at all.

Regards

Ibrahim

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 11:21 PM

Hello,

Can you share the license information from your device:

> show system license

> show system uptime

Thanks,
Sam

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 11:31 PM

Hi Sam;

Please find the information regarding the license information below:

root> show system license
License usage:
                                 Licenses     Licenses    Licenses    Expiry
  Feature name                       used    installed      needed
  idp-sig                               1            1           0    2016-03-01 03:00:00 EAT
  appid-sig                             0            1           0    2016-03-01 03:00:00 EAT
  logical-system                        1            1           0    permanent
  wf_key_websense_ewf                   1            1           0    2015-07-23 03:00:00 EAT

Licenses installed:
  License identifier: JUNOS607146
  License version: 4
  Valid for device: JN123CCBDAGF
  Features:
    idp-sig             - IDP Signature
      date-based, 2015-03-03 03:00:00 EAT - 2016-03-01 03:00:00 EAT

  License identifier: JUNOS607148
  License version: 4
  Valid for device: JN123CCBDAGF
  Features:
    appid-sig           - APPID Signature
      date-based, 2015-03-03 03:00:00 EAT - 2016-03-01 03:00:00 EAT

  License identifier: JUNOS644809
  License version: 4
  Valid for device: JN123CCBDAGF
  Features:
    wf_key_websense_ewf - Web Filtering EWF
      date-based, 2015-06-23 03:00:00 EAT - 2015-07-23 03:00:00 EAT

root> show system uptime
node0:
--------------------------------------------------------------------------
Current time:    2015-06-30 09:26:06 EAT
System booted:    2015-05-28 02:08:58 EAT (4w5d 07:17 ago)
Protocols started:    2015-05-28 03:00:25 EAT (4w5d 06:25 ago)
Last configured:    2015-06-30 09:05:17 EAT (00:20:49 ago) by root
9:26AM up 33 days, 7:17, 2 users, load averages: 0.06, 0.02, 0.04

node1:
--------------------------------------------------------------------------
Current time:    2015-06-30 09:25:46 EAT
System booted:    2015-05-28 05:30:16 EAT (4w5d 03:55 ago)
Last configured:    2015-06-30 09:04:57 EAT (00:20:49 ago) by root
9:25AM up 33 days, 3:56, 0 users, load averages: 0.00, 0.01, 0.00

Regards

Ibrahim
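Added example (not from the thread, and not Juniper's code): a small Python checker that parses the two outputs posted in this thread, the per-node web-filtering status from the first post and the license table above, and flags a cluster node whose EWF server is not UP and a wf_key_websense_ewf key that is missing or expires within 30 days. The sample inputs are condensed copies of those outputs, and NOW is taken from the "Current time" of node0 in the uptime output.

```python
import re
from datetime import datetime, timedelta
# Constructed sample input: condensed copies of the two outputs quoted in the thread.
UTM_STATUS = (
    "node0:\n"
    "             Server status: Juniper Enhanced using Websense server UP\n"
    "node1:\n"
    "             Server status: Juniper Enhanced using Websense server DOWN\n"
)
LICENSE_USAGE = (
    "License usage:\n"
    "idp-sig              1     1          0        2016-03-01 03:00:00 EAT\n"
    "logical-system       1     1          0        permanent\n"
    "wf_key_websense_ewf  1     1          0        2015-07-23 03:00:00 EAT\n"
)
NOW = datetime(2015, 6, 30, 9, 26, 6)  # "Current time" of node0 in the uptime output
NODE_RE = re.compile(r"^(node\d+):", re.M)
STATUS_RE = re.compile(r"Server status:.*\b(UP|DOWN)\s*$", re.M)
LIC_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(permanent|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", re.M)

def parse_utm_status(text):
    """Map each cluster node to the EWF server status it reports (UP/DOWN)."""
    parts = NODE_RE.split(text)  # ['', 'node0', body0, 'node1', body1]
    out = {}
    for node, body in zip(parts[1::2], parts[2::2]):
        m = STATUS_RE.search(body)
        out[node] = m.group(1) if m else "UNKNOWN"
    return out

def parse_license_usage(text):
    """Map feature name -> (used, installed, needed, expiry datetime or None)."""
    out = {}
    for name, used, inst, need, exp in LIC_RE.findall(text):
        expiry = None if exp == "permanent" else datetime.strptime(exp, "%Y-%m-%d %H:%M:%S")
        out[name] = (int(used), int(inst), int(need), expiry)
    return out

def ewf_findings(status_text, license_text, now, warn_days=30):
    """Flag a node whose EWF server is not UP and an EWF key that is missing or about to expire."""
    findings = []
    for node, state in parse_utm_status(status_text).items():
        if state != "UP":
            findings.append(f"{node}: EWF server {state}, lookups on this node use fallback-settings")
    lic = parse_license_usage(license_text).get("wf_key_websense_ewf")
    if lic is None or lic[2] > 0:
        findings.append("wf_key_websense_ewf: license missing or insufficient")
    elif lic[3] is not None and lic[3] - now < timedelta(days=warn_days):
        findings.append(f"wf_key_websense_ewf: expires in {(lic[3] - now).days} days")
    return findings
```

Run the two functions over the live `show security utm web-filtering status` and `show system license` output of each node before opening a ticket; a DOWN node or an expiring key explains fallback behaviour on its own, independent of the profile configuration.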

Re: Enhanced Web Filtering, SRX 5400

06-29-2015 11:52 PM

Hello,

Thanks for the output. While I was going through the document, I pointed out this in my previous update: the UTM feature on SRX5400 is supported on next-gen SPCs:

UTM on next-generation SPC [SRX5400, SRX5600 and SRX5800]—This feature provides support for UTM features, including Sophos antivirus, content filtering, antispam, and enhanced Web filtering on "next-generation SPCs".

But I have seen it work with current-gen SPCs also. But here the issue is that all your web traffic is blocked when you enable the UTM EWF. So we need to check this by applying flow traces and UTM traceoptions.

Also advised to open a JTAC ticket to troubleshoot this in detail. Will it be possible to test this after an upgrade to 12.1X47?

Thanks,
Sam

Re: Enhanced Web Filtering, SRX 5400

06-30-2015 12:04 AM

Hello Sam;

Thanks for your reply. I will configure traceoptions and share the output from them; furthermore, I will investigate the possibility of upgrading the firewall, since it is working in a production environment.

Best Regards

Ibrahim

Re: Enhanced Web Filtering, SRX 5400

06-30-2015 12:07 AM

Hello,

Thanks for the update, keep us posted on the traces and upgrade.

Thanks,
Sam