SRX Services Gateway
SRX Services Gateway

srx using apbr filter https traffic

‎02-11-2019 07:03 PM

hi all

 

I have one srx300 version is 18.3R1.9

I want to do one thing : when client access youtube(ex: https://www.youtube.com) will using ISP B

 

There is my config , but not working need help

 

root# run show system license

anti_spam_key_sbl
idp-sig
dynamic-vpn
av_key_sophos_engine
logical-system
wf_key_websense_ewf
remote-access-ipsec-vpn-client

 

// routing-instance k is a fake instance , if match I wish it will dead

set security advance-policy-based-routing profile p1 rule r1 match category bad
set security advance-policy-based-routing profile p1 rule r1 then routing-instance k
set security advance-policy-based-routing profile p2 rule r2 match category Enhanced_Social_Web_Youtube
set security advance-policy-based-routing profile p2 rule r2 match category Enhanced_Social_Web_Facebook
set security advance-policy-based-routing profile p2 rule r2 then routing-instance k

set security zones security-zone test advance-policy-based-routing-profile p2

set security utm utm-policy mypolicy web-filtering http-profile my_ewfprofile01

set security utm custom-objects url-pattern block value www.youtube.com
set security utm custom-objects url-pattern block value www.facebook.com

set security utm custom-objects custom-url-category bad value block


set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 category bad action block
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 category Enhanced_Social_Web_Youtube action block
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action very-safe log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action moderately-safe log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action fairly-safe log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action suspicious log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 site-reputation-action harmful log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 default log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings default log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings server-connectivity log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings timeout log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile my_ewfprofile01 fallback-settings too-many-requests log-and-permit


set security policies from-zone test to-zone mgt policy aaa match source-address any
set security policies from-zone test to-zone mgt policy aaa match destination-address any
set security policies from-zone test to-zone mgt policy aaa match application any
set security policies from-zone test to-zone mgt policy aaa then permit application-services utm-policy mypolicy

 

 

in this situation , when user typing https://www.youtube.com will time-out , but not as expected , is there someone can help me ,thanks~

2 REPLIES 2
SRX Services Gateway

Re: srx using apbr filter https traffic

‎02-11-2019 07:24 PM

Hello,

 

Seems like you are missing app-id signature license.

 

root@srx> show system license | match app
appid-sig - APPID Signature

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB31328

 

Regards,

 

Vikas

SRX Services Gateway

Re: srx using apbr filter https traffic

‎02-11-2019 07:41 PM

I see , will check license first , later report , thanks again