Protocol Operation; Implementation; Figure 4: Example Implementation Network - Juniper V10000 Implementation Manual


Protocol Operation

The Websense V10000 product uses TCP port 15871. This port service is used to insert an alert placed in-stream with
the Web browser, thereby redirecting the Web browser to a "Block Page" served by the V10000 appliance. The Web
browser is redirected to the V10000 "C" port. The "C" port is typically located in the management segment of the
network, to which the User LAN would typically not have access. Therefore, the SRX Series security policy must be
configured to permit the User LAN traffic to access the V10000 "C" port for TCP/15871.
The SRX Series uses the native Juniper Networks Junos® operating system filter-based forwarding (FBF) approach to
redirect the traffic to the V10000. No special protocol is required to redirect traffic to the V10000.

Implementation

This section provides the step-by-step SRX Series configuration to support the joint solution. Figure 4 illustrates the
reference network that is used throughout this implementation guide. The SRX Series administrator must set up four
(4) separate security zones: "public-inet" (for access to the public Internet), "user-lan" (for access to the internal
network), "management" (for access to the V10000's "C" port), and "web-redirect" (for access to V10000's P1 port).
To keep the network diagram simple, each of the SRX Series physical interfaces is shown directly attached to the end
devices. In a field deployment, these ports would most likely be connected via L2 switches.
The four security zones and the permitted traffic flows through the SRX Series are illustrated and explained in Table 1.

Figure 4: Example implementation network
[Diagram not reproduced. Labels, in the order they appear: INTERNET, 66.97.23.82, ge-0/0/0; SRX Series; ge-0/0/1, 192.168.5.1; 172.25.44.19/24, ge-1/0/1, C; P1, ge-2/0/1, 192.168.10.12/24; 192.168.5/24, USER LAN, L2 Switch; Websense V10000; zones public-inet, management, web-redirect, user-lan.]

Table 1: SRX Series Security Policies

| FROM SECURITY ZONE | TO SECURITY ZONE | PURPOSE |
|---|---|---|
| user-lan | web-redirect | Redirected traffic to V10000 for security processing |
| web-redirect | public-inet | V10000 proxies allowed user traffic |
| user-lan | management | V10000 redirecting user browser to "Block Page" |
| user-lan | public-inet | User traffic that does not need to be processed by V10000 |
| management | public-inet | V10000 control traffic that needs to access security databases for subscription updates and other functions |

IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000
Copyright © 2010, Juniper Networks, Inc.
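One way the four zones and the Table 1 flows could be expressed as Junos "set" commands, with the user-lan to management flow limited to the Block Page port. This is an added example, not configuration taken from the Juniper/Websense guide; the interface-to-zone mapping is read from the Figure 4 labels, and the policy, application and address-book names, the `V10000-C-PORT-IP` placeholder and the `any` matches are assumptions.

```junos
# Added example (not from the guide). Assumption: interface-to-zone mapping
# as suggested by the Figure 4 labels.
set security zones security-zone public-inet interfaces ge-0/0/0.0
set security zones security-zone user-lan interfaces ge-0/0/1.0
set security zones security-zone management interfaces ge-1/0/1.0
set security zones security-zone web-redirect interfaces ge-2/0/1.0

# Block Page service on the V10000 "C" port: TCP/15871 (from the text).
# The application name is hypothetical.
set applications application v10000-block-page protocol tcp
set applications application v10000-block-page destination-port 15871

# Address objects. 192.168.5.0/24 is the USER LAN subnet in Figure 4.
# Placeholder: replace V10000-C-PORT-IP with the real "C" port address.
set security zones security-zone user-lan address-book address user-lan-net 192.168.5.0/24
set security zones security-zone management address-book address v10000-c V10000-C-PORT-IP/32

# user-lan -> management: only the Block Page redirect is permitted, so the
# User LAN gains no other access to the management segment.
set security policies from-zone user-lan to-zone management policy block-page match source-address user-lan-net destination-address v10000-c application v10000-block-page
set security policies from-zone user-lan to-zone management policy block-page then permit

# Remaining Table 1 flows. This page gives no match criteria for them, so
# "any" is an assumption to tighten to the real addresses and applications.
set security policies from-zone user-lan to-zone web-redirect policy to-v10000 match source-address any destination-address any application any
set security policies from-zone user-lan to-zone web-redirect policy to-v10000 then permit
set security policies from-zone web-redirect to-zone public-inet policy v10000-proxy match source-address any destination-address any application any
set security policies from-zone web-redirect to-zone public-inet policy v10000-proxy then permit
set security policies from-zone user-lan to-zone public-inet policy direct-out match source-address any destination-address any application any
set security policies from-zone user-lan to-zone public-inet policy direct-out then permit
set security policies from-zone management to-zone public-inet policy v10000-updates match source-address any destination-address any application any
set security policies from-zone management to-zone public-inet policy v10000-updates then permit

# Zone pairs not listed in Table 1 stay denied.
set security policies default-policy deny-all
```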
