Configuring UTM Content Filtering with J-Web

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hello my name is Zack Gibbs and I am a Content developer with education services inside Juniper Networks and today we will be discussing the configuring UTM content filtering with a web learning byte alright so let's go ahead and jump right to the example there's a few devices I want to point out we have user 1 which is connected to V SRX 1 which is connected to the Internet and then in the Internet we have a internet server which we're going to use to test our content filtering and so what we want to do is we want to configure UTM content filtering using je web to do a few things we want to block any executable files that user attempts to download from the internet server so just really the Internet in general we're going to use the internet server as our test server to make sure that this works and then we want to display a custom message for the user when they attempt to download any executable file so let's go ahead and jump to the je web interface and for VSR x1 and test the sound so here is the je web interface for vs or x1 and we need to go to the security UTM content filtering workspace now a thing I do want to point out here is we are under the configuration main workspace and we can hover over the ribbon on the left to see that as well as we can see that up top with the actual workspace navigation bar okay so under content filtering profiles we can click the new button and then we can name the profile we'll call this C F for content filtering J web - LV for learning bite and we have a few different options here we can first specify a block extension list if we select that we just have the Junos default extension and none so right now we don't really have anything configured to block just files that are the exe or executable extension and so with that we could go back and create a custom logic but right here we have some available content types which are common file types and we can select the exe type and press ok and that adds it to a block list and so then what we need to do is we need to create a UTM policy click the policy option get to the UTM policy screen click the new button and under here we can go to content filtering Oh first we need to name it we'll call this UTM - L B and then we need to select the content filtering profiles tab and here we are concerned about HTTP traffic so we can select the cfj web lb content filtering profile and if we wanted to we could also select different profiles or the same profile for other protocols like FTP with upload and download IMF and SMTP pop3 things like that but we don't need that for this case study and something else I want to point out is with a UTM policy you can do multiple profiles you can do antivirus profiles you can do web filtering anti-spam profiles and content filtering profiles all within the same UTM policy but that would be a huge learning byte and so we're not going to do that right here we're just going to focus on the content filtering profiles and then we can click OK and then the last thing we need to do is select or create a firewall policy rule that references the UTM policy so under security firewall policy rules we can select the create button given a name we'll call this u TM - lb and under source we can select users own that's fine any address destination we want to change that to the Internet zone and then under advanced security we want to set the action to permit which allows us to select the UTM policy and then under rule options nothing we want to sit here so we click finish and then the summary will pop up and we can click OK things look good there if we scroll down we can see that the UTM rule is specified the UTM lb policy that is is specified under advanced security that's what we want to see so we can click OK and then commit the configuration so now that the configuration is committed let's jump to the user one device and see how this works okay here is the user one device we are currently at the internet server we can refresh the page again here's some files so we have a few different files so let's see what happens when we click the test file Exe gets blocked that's perfect but notice how there's no custom message we didn't specify custom message so we need to go back and do that so let's go to the internet server again try to download a txt file and it downloads just fine so okay things are looking good but we need to jump back to the J web interface and configure those notification options alright so here's the J web interface again 4 vs 4 X 1 let's go ahead and go to UTM and then let's go to content filtering and then we can edit the policy select it and click the edit button and then there's a tab called notification options that we tend to explore before we can select that tab we have a few different options here we have protocol or message for the notification type we want to select message here because we'll give a message directly to the user and notify email sender and we're using HTTP so we're not really worried about mail traffic here and so here we can set a the the custom message or say no Exe files select ok let's commit that configuration and then jump to the user 1 device so we're here back at the user one device to refresh the page and attempt to download with that file again and perfect we have no Exe files our custom message gives us the other information that was there that's great if we go back we can download the text file again and everything looks good there now I do want to show you the configuration for doing a custom object and blocking exe files so we're going to jump back to the J web interface and kind of run through the same process again except using custom objects with a UTM content filtering okay so here is the J web interface again so let's go to custom objects which is under UTM and then we have to go to the file extension list tab and then we can click the create button to add a new file extension list and we can call this we'll just call this a CFS J web - exe and then we need to find exe in the list move it over at granted we could move multiple file types over here so this is great if you want to have a custom setup where you're blocking different types of file tests maybe not just Exe exe files are just easy to show in the situation so let's select ok so we've created that and now we need to go back to content filtering we need to edit this and under here we need to remove exe from the block content type section and then in the block extension list when you just select CFJ web exe and then we'll click OK click OK again now everything else has already set up the UTM policy we've already set up the firewall rule so we don't need to mess with any of that so let's go ahead and commit the configuration and then jump to the user one device so here is the user one device let's refresh that webpage and let's attempt to download the test file and great we're getting the same behavior as with the content type blocking as with using a custom object so that's great let's just download the test file dot txt file and yep that works great perfect so one last thing I do want to show you is if we go to the monitor section and then security UTM content filtering we have some statistics and under here we have one under based on extension list that's because remember at the end there we change to an extension list to block the exe file so that's that one block and then it shows exe files too and that has to deal with our content type blocking to where we blocked two of the exe files with just that content block list where had the common file extensions and we selected exe so here we can see that we are actually blocking the files from the vs or x1 perspective as well so that brings us the end of this learning byte in this learning byte we discussed how to configure UTM content filtering using J web and we also demonstrated how to verify UTM content filtering functionality using J web so as always thanks for watching visit beef juniper education services website to learn more about courses to view our full range of classroom online and e-learning courses learning paths industry segments and technology specific training paths Juniper Networks certification program the ultimate demonstration of your confidence and the training community from forums to social media join the discussion
Info
Channel: JuniperNetworks
Views: 2,788
Rating: 4.5 out of 5
Keywords: Junos, Junos OS, UTM, J-Web, Juniper, SRX Series
Id: VBWIA-gNAOc
Channel Id: undefined
Length: 9min 23sec (563 seconds)
Published: Wed Nov 14 2018
Related Videos
Configuring UTM Anti-Virus with J-Web
JuniperNetworks
993
5G Network Slicing with Juniper SMO and RIC
JuniperNetworks
36
Network Security 101: Full Workshop
SecureSet
1.6M
AWS Certified Cloud Practitioner Complete Video Course
TechTalks
60K
Video Tutorial: How to Configure URL Filtering
Palo Alto Networks LIVEcommunity
63K
How to troubleshoot a slow network
Ben Piper
105K
POP3 vs IMAP - What's the difference?
PowerCert Animated Videos
914K
2020 Getting started with pfsense 2.4 Tutorial: Network Setup, VLANs, Features & Packages
Lawrence Systems
497K
FortiGate Cookbook - Transparent Mode (5.4)
Fortinet
33K
Setting Up an SRX Chassis Cluster with J-Web
JuniperNetworks
2.5K
The Junos CLI | Introduction to Juniper and JNCIA Part 2
Network Direction
7.1K
JUNIPER SD-WAN CSO 3.2 UTM DEMO
Valery Yastrebov
402
Tip for Juniper SRX Dual WAN I
Stallion AS
8K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.