Hi, I have an SRX210 firewall. I have configured two categories, bad-sites and good-sites. I want to block the bad-sites URLs and allow good-sites, but the problem is that both are being allowed on my firewall. My configuration is as follows. Please, can anyone help me in this regard? I am filtering these sites locally.

[edit security utm]
root@srx# show custom-objects
url-pattern {
    blocked-urls {
        value http://rtoodtoo.com;
    }
    allowed-urls {
        value http://rtodto.net;
    }
}
custom-url-category {
    bad-sites {
        value blocked-urls;
    }
    good-sites {
        value allowed-urls;
    }
}

[edit security utm]
root@srx# show feature-profile
web-filtering {
    url-whitelist good-sites;
    url-blacklist bad-sites;
    type juniper-local;
    juniper-local {
        profile wf-local {
            custom-block-message "Juniper UTM firewall blocked this request";
            fallback-settings {
                default log-and-permit;
                server-connectivity block;
                timeout block;
                too-many-requests block;
            }
        }
    }
}

[edit security utm]
root@srx# show utm-policy wf-local
web-filtering {
    http-profile wf-local;
}

[edit]
root@srx# show security policies
from-zone TRUST to-zone INTERNET {
    policy trust-internet {
        match {
            source-address n172.4.1.4_30;
            destination-address any;
            application [ junos-http junos-dns-udp junos-ping ];
        }
        then {
            permit {
                application-services {
                    utm-policy wf-local;
                }
            }
        }
    }
}

This is the complete config that I have done on my SRX210.