Hi Experts,
We've been trying to set up simple local web filtering without success. When troubleshooting it, we see that every URL shown in the logs is an IP address (the destination address of the visited site); note that all the sessions in the sample below go to port 443. As an example:
root@SRX# run show log WEB
Sep 9 00:31:47 SRX clear-log[7955]: logfile cleared
Sep 9 01:06:05 SRX RT_UTM: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.70.2(51435)->157.55.235.147(443) CATEGORY="N/A" REASON="BY_OTHER" PROFILE="WF-PROFILE" URL=157.55.235.147 OBJ=/ USERNAME=N/A ROLES=N/A
Sep 9 01:06:15 SRX RT_UTM: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.70.2(51461)->91.190.216.23(443) CATEGORY="N/A" REASON="BY_OTHER" PROFILE="WF-PROFILE" URL=91.190.216.23 OBJ=/ USERNAME=N/A ROLES=N/A
Sep 9 01:06:16 SRX RT_UTM: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.70.2(51470)->181.24.14.145(443) CATEGORY="N/A" REASON="BY_OTHER" PROFILE="WF-PROFILE" URL=181.24.14.145 OBJ=/ USERNAME=N/A ROLES=N/A
Sep 9 01:06:16 SRX RT_UTM: WEBFILTER_URL_PERMITTED: WebFilter: ACTION="URL Permitted" 192.168.70.2(51478)->66.219.218.77(443) CATEGORY="N/A" REASON="BY_OTHER" PROFILE="WF-PROFILE" URL=66.219.218.77 OBJ=/ USERNAME=N/A ROLES=N/A
As a side note on this testing, the "internet" zone has an interface (outside) connected to our LAN, which has a proxy. I don't think this would interfere, but I mention it just in case.
The relevant security config is as follows:
root@SRX# show security utm
utm {
custom-objects {
url-pattern {
SITE-BLOCK {
value http://*.cisco.com;
}
}
custom-url-category {
BLOQUEO-URLS {
value SITE-BLOCK;
}
}
}
feature-profile {
web-filtering {
url-blacklist BLOQUEO-URLS;
type juniper-local;
juniper-local {
profile WF-PROFILE {
default permit;
custom-block-message " - Site blocked -";
fallback-settings {
default block;
too-many-requests block;
}
}
}
}
}
utm-policy FILTRO-UTM {
web-filtering {
http-profile WF-PROFILE;
}
}
}
root@SRX# show security policies
from-zone invitados to-zone internet {
policy invitados-to-internet {
match {
source-address SOURCE-INVITADOS;
destination-address any;
application any;
}
then {
permit {
application-services {
utm-policy FILTRO-UTM;
}
}
}
}
}
Any feedback is highly appreciated!!
Thanks,
Lucas.-