.Juniper Networks supports redirect web filtering using either the Websense Enterprise Engine or the SurfControl Web Filter. You can block or permit access to different sites based on their URLs, domain names, and IP addresses. The security device can link directly to a Websense or SurfControl web-filtering server.
For additional information about Websense, visit http://www.websense.com. For additional information about SurfControl, visit http://www.surfcontrol.com.
Enter the necessary information to configure redirect web-filtering parameters:
Enable Web Filtering: Select this option and supply the following information to configure it.
Source Interface: Select the source from which the security device initiates web-filtering requests to a web-filtering (SurfControl or Websense) server.
Server Name: Enter the IP address or DNS name of the web-filtering server.
Server Port: Enter the default port number for either the SurfControl server (62252)or the Websense server (15868). If you change the default port on the SurfControl or Websense server, you must also change it on the security device. Refer to your SurfControl or Websense documentation for more details.
Communication Timeout: Enter a value between 10 - 240 to specify the period (in seconds) that the security device waits for a response from the web-filtering server. If the security device does not receive a response before this interval elapses, it either permits or denies the HTTP GET request, depending on how you configure the device.
Current Server Status:
The security device reports the connectivity status of the web-filtering
server. When web filtering is enabled, you can refresh its status by clicking
.
If connectivity to the server is lost: Select the behavior that you want the security device to perform when it cannot connect to the web-filtering server:
Select
Block to block all HTTP requests.
Select Permit to permit all HTTP
requests.
Blocked URL Message Type: Select NetPartners Websense/SurfControl or NetScreen. This setting determines the source of the message that the user sees when trying to access a blocked site, either the web-filtering server or your security device.
NetScreen Blocked URL Message: Enter a custom message up to 500 characters. This is the message the security device returns to the user when the user tries to access a blocked site.
Click Apply to save your settings.
To
Specify Redirect Web Filtering Options for a Virtual SystemEnable Web Filtering: Select this option and supply the following information to configure it.
To share the Web filtering configuration with the root system, select Share Root URL Filtering Config.
Or
To create a separate configuration for a virtual system, select Set Vsys URL Filtering Config, and enter the following:
Note: A security device with virtual systems can support a total of eight web-filtering servers.
Source Interface: Select the source from which the security device initiates web-filtering requests to a SurfControl or Websense server.
Server Name: Enter the IP address or DNS name of the Web-filtering server.
Server Port: Enter the default port number for either the SurfControl server (62252)or the Websense server (15868). If you change the default port on the SurfControl or Websense server, you must also change it on the security device. Refer to your SurfControl or Websense documentation for more details.
Communication Timeout: Enter a value between 10 - 240 to specify the period (in seconds) that the security device waits for a response from the web-filtering server. If the security device does not receive a response before this interval elapses, it either permits or denies the HTTP GET request, depending on how you configure the device.
Current Server Status:
The security device reports the connectivity status of the web-filtering
server. When web filtering is enabled, you can refresh its status by clicking
.
If connectivity to the server is lost: Select the behavior that you want the security device to take when it cannot connect to the web-filtering server: Block to block all HTTP requests or Permit to permit all HTTP requests.
Blocked URL Message Type: Select NetPartnersWebsense/SurfControl or NetScreen. This setting determines the source of the message that the user sees when trying to access a blocked site, either the web-filtering server or the security device.
NetScreen Blocked URL Message: Enter a custom message up to 500 characters. This is the message the security device returns to the user when the user tries to access a blocked site.
Click Apply to save your settings.