Redirect Web Filtering In Screenos Using Nsm Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Redirect Web Filtering in ScreenOS Using NSM Overview

Table 45: Web Filtering Options
Web Filtering Options
Source Interface
Server Name
Server Port
Profile Name
Server Timeout
Fail Mode
192
Example: Configuring Redirect Web Filtering in ScreenOS (NSM Procedure) on page 193
Redirect Web Filtering enables you to block or permit access to different websites based
on their URLs, domain names, and IP addresses. NSM supports redirect Web filtering
using either the Websense Enterprise Engine or SurfControl Web Filter.
NOTE: For Websense licensing information, go to
SurfControl licensing information, go to
For Websense, ScreenOS supports up to eight Web-filtering servers. On vsys devices,
one server is reserved for the root, leaving seven servers available for vsys (one server
per vsys, all remaining vsys must use the root server). For vsys-capable devices running
ScreenOS 5.2, you can assign the same server to multiple vsys devices, and then configure
a profile name for each vsys to enable the filtering server to distinguish between vsys
devices.
Select the redirect Web filtering method you want to use, enable Web filtering for that
method, and then configure the settings.
Table 45 on page 192 describes the options available for configuring Web filtering settings.
Description
The source from which the security device initiates Web filter requests to a
Web-filtering server.
The IP address or fully qualified domain name (FQDN) of the Websense or
SurfControl server.
The port number on the filtering server that handles filtering requests. The default
port for Websense is 15868; the default port for SurfControl is 15868.
The profile name uniquely identifies the device when connecting to the filtering
server. When configuring Websense (Redirect) Web-Filtering for multiple vsys
devices using the same root device, you can assign the same Web-filtering server
and port to multiple vsys devices as long as you use a unique profile name for each
device.
NOTE: This option is applicable for vsys capable devices running ScreenOS 5.2 only.
The time interval, in seconds, that the security device waits for a response from the
Web-filtering server. If the server does not respond within the time interval, the
security device either blocks the request or permits it. For the time interval, you can
enter a number between 10 and 240.
The fail mode (Block or Permit) determines how the security device handles HTTP
requests if the device loses contact with the Web-filtering server.
www.websense.com
www.surfcontrol.com .
Copyright © 2010, Juniper Networks, Inc.
. For