Local Web Filter Blacklist and Default Block

‎10-22-2017 08:48 AM
Hi all

When configuring the local web URL filter on the SRX, is it compulsory to have a blacklist, or could you have a whitelist with the URL(s) you wish to permit and then utilise the default action of block to deny everything else?

This may seem like a daft question but I tried this the other day on a vSRX and it appeared that everything was permitted regardless of the requested URL. Thinking I may have missed something, a quirk perhaps of how this is supposed to work.

Thank you.
Solution
Accepted by topic author devs
‎10-22-2017 11:06 PM

Re: Local Web Filter Blacklist and Default Block

‎10-22-2017 09:18 AM
Your understanding is correct. Just configure a whitelist to allow the specific URLs you want to allow and configure default block to block everything else.

root@srx> show configuration security utm
custom-objects {
    url-pattern {
        url1 {
            value www.google.com;
        }
    }
    custom-url-category {
        Google {
            value [ url1];
        }
    }
}
feature-profile {
    web-filtering {
        url-whitelist Google;
        type juniper-local;
        juniper-local {
            profile Test {
                default block;
            }
        }
    }
}

root@srx >

https://www.juniper.net/documentation/en_US/junos/topics/example/utm-web-filtering-local-custom-obje...
Thanks,
Suraj

Re: Local Web Filter Blacklist and Default Block

‎10-22-2017 09:44 AM
Thank you Suraj

I'll try again tomorrow once more and hopefully get it to work this time. I either misconfigured or didn't test properly last time. I'll update this thread after.

Re: Local Web Filter Blacklist and Default Block

‎10-22-2017 11:06 PM

Hi Suraj


I realised I had configured the 'default block' command under the 'fallback-settings' and not directly under the 'juniper-local' profile itself. Now that I've done that it works as intended.

Thank you.
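
An added example (not part of the original posts, and not Juniper code): a small Python check over `show configuration security utm` output that flags the misplacement described in this thread, where `default block` sits only under `fallback-settings` instead of directly under the juniper-local profile. The function names and the two sample configurations are constructed for illustration.

```python
import re

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts (leaf: first word -> rest)."""
    root, words = {}, []
    stack = [root]
    for tok in re.findall(r"\[[^\]]*\]|[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            if words:
                stack[-1][words[0]] = " ".join(words[1:])
            words = []
        else:
            words.append(tok)
    return root

def audit_default_action(utm_config):
    """Check each juniper-local profile for a profile-level 'default block'."""
    local = (parse_junos(utm_config).get("feature-profile", {})
             .get("web-filtering", {}).get("juniper-local", {}))
    findings = {}
    for key, body in local.items():
        if not key.startswith("profile "):
            continue
        default = body.get("default")
        fallback = body.get("fallback-settings", {}).get("default")
        if default == "block":
            findings[key[8:]] = "ok"
        elif default is None and fallback is not None:
            findings[key[8:]] = "default only under fallback-settings"
        else:
            findings[key[8:]] = "profile default is not block"
    return findings

# Constructed sample: the misplacement described in the thread.
MISPLACED = """
feature-profile { web-filtering { url-whitelist Google; type juniper-local;
  juniper-local { profile Test { fallback-settings { default block; } } } } }
"""
# Constructed sample: the layout from the accepted answer.
FIXED = """
feature-profile { web-filtering { url-whitelist Google; type juniper-local;
  juniper-local { profile Test { default block; } } } }
"""

if __name__ == "__main__":
    for label, cfg in (("misplaced", MISPLACED), ("fixed", FIXED)):
        print(label, audit_default_action(cfg))
```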


Re: Local Web Filter Blacklist and Default Block

‎04-06-2019 06:13 AM

Hello,

Referring to this KB, I am unable to create a category in the juniper-local profile under web filter. As per the KB, a category can be defined in the profile itself. Please help.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-utm-local-web-filtering....