Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee the accuracy of the
information provided herein. Third party product descriptions and related technical details provided in this document are for information purposes only and such
products are not supported by Juniper Networks. All information provided in this guide is provided "as is", with all faults, and without warranty of any kind, either
expressed or implied or statutory. Juniper Networks and its suppliers hereby disclaim all warranties related to this guide and the information contained herein,
whether expressed or implied or statutory including, without limitation, those of merchantability, fitness for a particular purpose and noninfringement, or arising
from a course of dealing, usage, or trade practice.
Figure 2 illustrates the ladder diagram for user traffic allowed by the Websense V10000. The V10000 proxies the traffic between the user and the Internet via the V10000 P1 port. The proxied traffic is indicated by the separate dark gray and light gray traffic flows.
Protocol Operation
The Websense V10000 product uses TCP port 15871. This port service is used to insert an alert placed in-stream with the Web browser, thereby redirecting the Web browser to a “Block Page” served by the V10000 appliance. The Web browser is redirected to the V10000 “C”...
Websense V10000.
7. Add the V10000 “C” port to the management security zone address book. This step is necessary so that the V10000 can redirect the user Web browser to the “C” port for blocked sites or Web protocols.
{
ge-2/0/1.0;
Note that you should follow this step if the physical interface toward the V10000 P1 interface was already configured. If this is not the case, then use the following configuration at the interface hierarchy.
admin@SRX# show interfaces ge-2/0/1
description “To Websense V10000 P1 network”;...
IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000
2. Create an FBF that is used to redirect specific traffic from the User LAN to the V10000 P1 port. This technique requires a forwarding-based routing-instance that has a single next-hop route to the V10000 P1 port.
4. Create an access control filter (called a “firewall filter” in Junos OS) to selectively identify the traffic to be redirected to the V10000. For the purpose of this implementation guide example, this is HTTP and HTTPS traffic only. The following firewall configuration has two terms.
7. Add the V10000 “C” port address 172.25.44.19 to the management security zone address book. This step is necessary so that the V10000 can redirect the user Web browser to the “C” port for blocked sites. Note that in addition to the specific address, an “address-set”...
15871;
9. Add a security policy from user-lan to management only to the V10000 “C” port and only for the TCP/15871 traffic. This step is necessary so that the user Web browser can be redirected to the V10000 “Block Page.” Normally User LAN traffic should not be allowed to access the management security zone.
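The narrow exception described in steps 7 and 9, sketched in Junos set-command form as an added example (not the guide's own configuration). The zone names, the “C” port address 172.25.44.19 and TCP/15871 come from the text above; the address-book entry, application and policy names are hypothetical, and the zone-attached address-book style is an assumption about the Junos release in use.

```junos
# Added example: names v10000-c-port, websense-block-page, allow-block-page
# and deny-other are hypothetical and chosen for illustration only.

# Custom application matching only the Block Page service port.
set applications application websense-block-page protocol tcp
set applications application websense-block-page destination-port 15871

# Step 7: host entry for the V10000 "C" port in the management zone.
set security zones security-zone management address-book address v10000-c-port 172.25.44.19/32

# Step 9: permit user-lan -> management only to that host and only on TCP/15871.
set security policies from-zone user-lan to-zone management policy allow-block-page match source-address any
set security policies from-zone user-lan to-zone management policy allow-block-page match destination-address v10000-c-port
set security policies from-zone user-lan to-zone management policy allow-block-page match application websense-block-page
set security policies from-zone user-lan to-zone management policy allow-block-page then permit

# Everything else from user-lan to management stays blocked; the explicit
# deny with logging makes stray attempts visible in the session logs.
set security policies from-zone user-lan to-zone management policy deny-other match source-address any
set security policies from-zone user-lan to-zone management policy deny-other match destination-address any
set security policies from-zone user-lan to-zone management policy deny-other match application any
set security policies from-zone user-lan to-zone management policy deny-other then deny
set security policies from-zone user-lan to-zone management policy deny-other then log session-init
```

Policy order matters: the permit must sit above the deny, and a destination of `any` or an application of `any` in the permit would open the whole management zone to the User LAN.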
Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.