URL filtering

HaseebAkhtar · Created Feb 14, 2020 15:54:14

As already stated in above comment u can use USG6000v for URL filtering in Ensp,

there can be multiple types of filtering like Catagory bases Filtring, Black/whitelisting, Low Reputation URL filtering, or even HTTPS site filtering,

here is the link to download image for USG6000v to download (u need a huawei account)

https://support.huawei.com/enterprise/en/management-system/ensp-pid-9017384/software

and here is an exmple from HEDex for HTTPS URL Filtering,

--------------------------------------------------------------------

Networking Requirements

As shown in , the FW is deployed at the network border as the enterprise's gateway to implement URL filtering on HTTPS requests sent by users to access the Internet.

An enterprise allows employees to access most websites except pornographic and illegal websites. In addition, the enterprise wants to:

Permit employees to access intranet websites: www.example1.com and www.example2.com.
Prevent employees from accessing external forum websites: www.example3.com and www.example4.com.

Figure 1 Implementing URL filtering on encrypted HTTPS traffic

Configuration Roadmap

Set the IP address and security zone of the interface.
Create the URL filtering profile url_profile_01.

Add www.example1.com and www.example2.com to the whitelist. Employees can access the whitelisted websites.
Add www.example3.com and www.example4.com to the blacklist. Employees are not allowed to access the blacklisted websites.
Set the URL filtering level to Medium to block access requests for pornographic and illegal websites.
Enable the function of filtering encrypted traffic to perform URL filtering on encrypted HTTPS traffic.

Configure a security policy and reference the URL filtering profile url_profile_01 to control the URL access requests of the enterprise employees.

Procedure

Set the IP address and security zone of the interface.
1. Choose Network > Interface.
2. Click for GE1/0/3 and set the parameters as follows:
  Zone trust
  IPv4
  IP Address 10.3.0.1/24
3. Click OK.
4. Repeat the previous steps to set the parameters for GE1/0/1.
  Zone untrust
  IPv4
  IP Address 1.1.1.1/24

Configure URL filtering profiles.

Choose Object > Security Profiles > URL Filtering.

In URL Filtering Profile, click Add and set the parameters as follows:

Name	url_profile_01
Filter Encrypted Traffic	Enable
Default Action	Allow NOTE: If you want to deny URLs outside the whitelist, you can set the default action to deny so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the whitelist can be denied. If you want to permit URLs outside the blacklist, you can set the default action to permit so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the blacklist can be permitted.
Whitelist URL	www.example1.com www.example2.com
Blacklist URL	www.example3.com www.example4.com
URL Filtering Level	Select Medium to block the access to all pornographic and illegal websites.

Click OK.

Reference URL filtering profiles in security policies.
1. Choose Policy > Security Policy > Security Policy.
2. Click Add Security Policy and set the parameters as follows:
  Name policy_sec_01
  Source Zone trust
  Destination Zone untrust
  Source Address/Region 10.3.0.0/24
  Destination Address/Region any
  Action permit
  Content Security
  URL Filtering
  url_profile_01
3. Click OK.
Click Save on the upper right of the web page, and click OK in the dialog box that is displayed.
Click Commit on the upper right of the web page, and click OK in the dialog box that is displayed.

DDSN · Created Feb 14, 2020 12:55:24

Hi,tesfama
On the eNSP, only the USG6000V supports URL filtering.
For how to configure URL filtering, please refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1100013395&id=vsp_url_filter_cfg_0001&lang=en.
I hope it helps.

HaseebAkhtar · Created Feb 14, 2020 15:54:14

As already stated in above comment u can use USG6000v for URL filtering in Ensp,

there can be multiple types of filtering like Catagory bases Filtring, Black/whitelisting, Low Reputation URL filtering, or even HTTPS site filtering,

here is the link to download image for USG6000v to download (u need a huawei account)

https://support.huawei.com/enterprise/en/management-system/ensp-pid-9017384/software

and here is an exmple from HEDex for HTTPS URL Filtering,

--------------------------------------------------------------------

Networking Requirements

As shown in , the FW is deployed at the network border as the enterprise's gateway to implement URL filtering on HTTPS requests sent by users to access the Internet.

An enterprise allows employees to access most websites except pornographic and illegal websites. In addition, the enterprise wants to:

Permit employees to access intranet websites: www.example1.com and www.example2.com.
Prevent employees from accessing external forum websites: www.example3.com and www.example4.com.

Figure 1 Implementing URL filtering on encrypted HTTPS traffic

Configuration Roadmap

Set the IP address and security zone of the interface.
Create the URL filtering profile url_profile_01.

Add www.example1.com and www.example2.com to the whitelist. Employees can access the whitelisted websites.
Add www.example3.com and www.example4.com to the blacklist. Employees are not allowed to access the blacklisted websites.
Set the URL filtering level to Medium to block access requests for pornographic and illegal websites.
Enable the function of filtering encrypted traffic to perform URL filtering on encrypted HTTPS traffic.

Configure a security policy and reference the URL filtering profile url_profile_01 to control the URL access requests of the enterprise employees.

Procedure

Set the IP address and security zone of the interface.
1. Choose Network > Interface.
2. Click for GE1/0/3 and set the parameters as follows:
  Zone trust
  IPv4
  IP Address 10.3.0.1/24
3. Click OK.
4. Repeat the previous steps to set the parameters for GE1/0/1.
  Zone untrust
  IPv4
  IP Address 1.1.1.1/24

Configure URL filtering profiles.

Choose Object > Security Profiles > URL Filtering.

In URL Filtering Profile, click Add and set the parameters as follows:

Name	url_profile_01
Filter Encrypted Traffic	Enable
Default Action	Allow NOTE: If you want to deny URLs outside the whitelist, you can set the default action to deny so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the whitelist can be denied. If you want to permit URLs outside the blacklist, you can set the default action to permit so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the blacklist can be permitted.
Whitelist URL	www.example1.com www.example2.com
Blacklist URL	www.example3.com www.example4.com
URL Filtering Level	Select Medium to block the access to all pornographic and illegal websites.

Click OK.

Reference URL filtering profiles in security policies.
1. Choose Policy > Security Policy > Security Policy.
2. Click Add Security Policy and set the parameters as follows:
  Name policy_sec_01
  Source Zone trust
  Destination Zone untrust
  Source Address/Region 10.3.0.0/24
  Destination Address/Region any
  Action permit
  Content Security
  URL Filtering
  url_profile_01
3. Click OK.
Click Save on the upper right of the web page, and click OK in the dialog box that is displayed.
Click Commit on the upper right of the web page, and click OK in the dialog box that is displayed.

URL filtering

Best answer

Networking Requirements

Configuration Roadmap

Procedure

Networking Requirements

Configuration Roadmap

Procedure

Third Party’s Trade Secret

My Followers

Enterprise

Consumer

Corporate

Carriers

URL filtering

Best answer

Networking Requirements

Configuration Roadmap

Procedure

Networking Requirements

Configuration Roadmap

Procedure

Third Party’s Trade Secret

My Followers