- Table of Contents
-
- 08-Configuration Examples
- 01-Web Login Configuration Examples
- 02-Internet Access Through a Static IP Address Configuration Examples
- 03-Internet access through PPPoE configuration examples
- 04-Signature Library Upgrade Configuration Examples
- 04-Software Upgrade Examples(only for F50X0-D and F5000-AK5X5 firewalls)
- 05-Software Upgrade Examples
- 06-Static routing configuration examples
- 07-OSPF configuration examples
- 08-BGP configuration examples
- 09-RIP configuration examples
- 10-DHCP configuration examples
- 11-DNS configuration examples
- 12-Object Group Configuration Examples
- 13-Public key management configuration examples
- 14-Security Policy Configuration Examples
- 15-Attack defense configuration examples
- 16-Connection Limit Configuration Examples
- 17-IPS Configuration Examples
- 18-URL Filtering Configuration Examples
- 19-Anti-Virus Configuration Examples
- 20-Data Filtering Configuration Examples
- 21-File Filtering Configuration Examples
- 22-APR-Based Security Policy Configuration Examples
- 23-Bandwidth Management Configuration Examples
- 24-NAT configuration examples
- 25-NAT hairpin configuration examples
- 26-IPsec configuration examples
- 27-SSL VPN configuration examples
- 28-Server Load Balancing Configuration Examples
- 29-Outbound Link Load Balancing Configuration Examples
- 30-Inbound Link Load Balancing Configuration Examples
- 31-Transparent DNS Proxy Configuration Examples
- 32-Context Configuration Examples
- 32-Context Configuration Examples(only for F50X0-D and F5000-AK5X5 firewalls)
- 33-IRF configuration examples
- 34-High Availability Group Configuration Examples
- 35-NAT Flow Logging Configuration Examples
- 36-User identification configuration examples
- 37-Server Connection Detection Configuration Examples
- 38-IP Reputation Configuration Examples
- 39-NPTv6 Configuration Examples
- 40-SSL Decryption Configuration Examples
- 41-MAC Address Learning Through a Layer 3 Device Configuration Examples
- 42-WAF Configuration Examples
- 43-NetShare Control Configuration Examples
- 44-4G Configuration Examples
- 45-WLAN Configuration Examples
- Related Documents
-
Title | Size | Download |
---|---|---|
18-URL Filtering Configuration Examples | 89.93 KB |
URL filtering configuration examples
The following information provides URL filtering configuration examples.
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of the URL filtering feature.
Restrictions and guidelines
The URL filtering feature requires a license to run on the device. After the license expires, URL filtering can use the existing URL filtering signature library on the device, but the library cannot be updated.
Example: Configuring URL filtering
Network configuration
As shown in Figure 1, a security gateway device is deployed at the border of the enterprise network. Configure URL filtering on the device to block and log the following Internet access behaviors of internal users:
· Access to shopping website taobao and adult websites.
· Access to the www.tudou.com website.
Software versions used
This configuration example was created and verified on F9345 of the F1060 device.
Procedure
1. Assign IP addresses to interfaces:
# On the top navigation bar, click Network.
# From the navigation pane, select Interface Configuration > Interfaces.
# Click the Edit icon for GE 1/0/1.
# In the dialog box that opens, configure the interface:
a. Select the Trust security zone.
b. Click the IPv4 Address tab, and then enter the IP address and mask of the interface. In this example, enter 10.1.1.1/24.
c. Use the default settings for other parameters.
d. Click OK.
# Add GE 1/0/2 to the Untrust security zone and set its IP address to 20.1.1.1./24 in the same way you configure GE 1/0/1.
2. Configure settings for routing:
This example configures a static route.
# On the top navigation bar, click Network.
# From the navigation pane, select Routing > Static Routing.
# On the IPv4 Static Routing tab, click Create.
# In the dialog box that opens, configure a static IPv4 route to reach 0.0.0.0:
a. Enter destination IP address 0.0.0.0.
b. Enter mask length 0.
c. Enter next hop address 20.1.1.2.
d. Use the default settings for other parameters.
e. Click OK.
3. Update the URL filtering signature library to the latest version. (Details not shown.)
4. Configure a URL category:
# On the top navigation bar, click Objects.
# From the navigation pane, select APPSecurity > URL Filtering > URL Categories.
# Click Create.
# In the dialog box that opens, configure a URL category:
¡ Enter shopping in the Name field.
¡ Set the severity level to 2000.
¡ Click Add.
¡ In the dialog box that opens, select Regular expression from the Match pattern list and enter taobao in the Host name field, and then click OK.
Figure 2 Adding a rule to the URL category
# Click OK.
5. Configure a URL filtering profile:
# On the top navigation bar, click Objects.
# From the navigation pane, select APPSecurity > URL Filtering > Profiles.
# Click Create.
# In the dialog box that opens, configure a URL filtering profile:
a. Enter the name urlfilter.
b. Select Permit as the default action.
c. Select the Logging option.
d. Use the default settings for other parameters.
e. In the Blacklist area, click Add.
f. In the dialog box that opens, select Text from the Match pattern list and enter www.tudou.com in the Host name field, and then click OK.
Figure 3 Adding a blacklist rule
g. In the URL categories area, select the Drop and Logging actions for user-defined URL category shopping and predefined URL category Pre-Adult.
h. Click OK.
Figure 4 Configuring a URL filtering profile
6. Create a security policy:
# On the top navigation bar, click Policies.
# From the navigation pane, select Security Policies > Security Policies.
# Click Create, and then click Create a policy.
# In the dialog box that opens, configure a security policy named urlfilter to permit the specified traffic from the Untrust to Trust security zones:
¡ Enter policy name urlfilter.
¡ Select source zone Untrust.
¡ Select destination zone Trust.
¡ Select type IPv4.
¡ Select action Permit.
¡ Select source IP address 10.1.1.0/24.
¡ Select URL filtering profile urlfilter in the Content security area.
¡ Use the default settings for other parameters.
# Click OK.
7. On the URL Filtering Profiles page, click Submit to make the URL filtering profile take effect.
Verifying the configuration
Verify that URL filtering can log and block the following Internet access behaviors of internal users:
· Access to shopping website taobao and adult websites.
· Access to the www.tudou.com website.
To view the logs generated for these behaviors, click Monitor on the top navigation bar, and then select Security Logs > URL Filtering Logs from the navigation pane.