URL filtering

Created: 5 days agoLatest reply: Feb 14, 2020 15:54:14 56 2 0 0
  Rewarded Hi-coins: 0 (problem resolved)

Dears; 

I am trying to do URL filtering on eNSP. please support me on how to do it.

  • x
  • convention:

Featured Answers
HaseebAkhtar
Created 5 days ago Helpful(1) Helpful(1)

As already stated in above comment u can use USG6000v for URL filtering in Ensp,

there can be multiple types of filtering like  Catagory bases Filtring, Black/whitelisting, Low Reputation URL filtering, or even HTTPS site filtering, 

here is the link to download image for USG6000v to download (u need a huawei account) 

https://support.huawei.com/enterprise/en/management-system/ensp-pid-9017384/software



and here is an exmple from HEDex for HTTPS URL Filtering, 


--------------------------------------------------------------------

Networking Requirements

As shown in , the FW is deployed at the network border as the enterprise's gateway to implement URL filtering on HTTPS requests sent by users to access the Internet.

An enterprise allows employees to access most websites except pornographic and illegal websites. In addition, the enterprise wants to:

  • Permit employees to access intranet websites: www.example1.com and www.example2.com.

  • Prevent employees from accessing external forum websites: www.example3.com and www.example4.com.

Figure 1 Implementing URL filtering on encrypted HTTPS traffic
vsp_url_filter_cfg_0020_fig01.png

Configuration Roadmap

  1. Set the IP address and security zone of the interface.

  2. Create the URL filtering profile url_profile_01.

  • Add www.example1.com and www.example2.com to the whitelist. Employees can access the whitelisted websites.

  • Add www.example3.com and www.example4.com to the blacklist. Employees are not allowed to access the blacklisted websites.

  • Set the URL filtering level to Medium to block access requests for pornographic and illegal websites.

  • Enable the function of filtering encrypted traffic to perform URL filtering on encrypted HTTPS traffic.

Configure a security policy and reference the URL filtering profile url_profile_01 to control the URL access requests of the enterprise employees.

Procedure

  1. Set the IP address and security zone of the interface.



    1. Choose Network > Interface.

    2. Click change1.png for GE1/0/3 and set the parameters as follows:

      Zonetrust
      IPv4
      IP Address10.3.0.1/24
    3. Click OK.

    4. Repeat the previous steps to set the parameters for GE1/0/1.

      Zoneuntrust
      IPv4
      IP Address1.1.1.1/24
  2. Configure URL filtering profiles.



    1. Choose Object > Security Profiles > URL Filtering.

      vsp_url_filter_cfg_0019_fig003.png

    2. In URL Filtering Profile, click Add and set the parameters as follows:

      Name

      url_profile_01

      Filter Encrypted Traffic

      Enable

      Default Action

      Allow

      NOTE:

      If you want to deny URLs outside the whitelist, you can set the default action to deny so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the whitelist can be denied.

      If you want to permit URLs outside the blacklist, you can set the default action to permit so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the blacklist can be permitted.

      Whitelist URL

      www.example1.com

      www.example2.com

      Blacklist URL

      www.example3.com

      www.example4.com

      URL Filtering Level

      Select Medium to block the access to all pornographic and illegal websites.

    3. Click OK.

  3. Reference URL filtering profiles in security policies.



    1. Choose Policy > Security Policy > Security Policy.

    2. Click Add Security Policy and set the parameters as follows:

      Namepolicy_sec_01
      Source Zonetrust
      Destination Zoneuntrust
      Source Address/Region10.3.0.0/24
      Destination Address/Regionany
      Actionpermit
      Content Security
      URL Filtering

      url_profile_01

    3. Click OK.

  4. Click Save on the upper right of the web page, and click OK in the dialog box that is displayed.

  5. Click Commit on the upper right of the web page, and click OK in the dialog box that is displayed.


  • x
  • convention:

All Answers
DDSN
DDSN Admin Created 5 days ago Helpful(1) Helpful(1)

Hi,tesfama
On the eNSP, only the USG6000V supports URL filtering.
For how to configure URL filtering, please refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1100013395&id=vsp_url_filter_cfg_0001&lang=en.
I hope it helps.
  • x
  • convention:

HaseebAkhtar
HaseebAkhtar Created 5 days ago Helpful(1) Helpful(1)

As already stated in above comment u can use USG6000v for URL filtering in Ensp,

there can be multiple types of filtering like  Catagory bases Filtring, Black/whitelisting, Low Reputation URL filtering, or even HTTPS site filtering, 

here is the link to download image for USG6000v to download (u need a huawei account) 

https://support.huawei.com/enterprise/en/management-system/ensp-pid-9017384/software



and here is an exmple from HEDex for HTTPS URL Filtering, 


--------------------------------------------------------------------

Networking Requirements

As shown in , the FW is deployed at the network border as the enterprise's gateway to implement URL filtering on HTTPS requests sent by users to access the Internet.

An enterprise allows employees to access most websites except pornographic and illegal websites. In addition, the enterprise wants to:

  • Permit employees to access intranet websites: www.example1.com and www.example2.com.

  • Prevent employees from accessing external forum websites: www.example3.com and www.example4.com.

Figure 1 Implementing URL filtering on encrypted HTTPS traffic
vsp_url_filter_cfg_0020_fig01.png

Configuration Roadmap

  1. Set the IP address and security zone of the interface.

  2. Create the URL filtering profile url_profile_01.

  • Add www.example1.com and www.example2.com to the whitelist. Employees can access the whitelisted websites.

  • Add www.example3.com and www.example4.com to the blacklist. Employees are not allowed to access the blacklisted websites.

  • Set the URL filtering level to Medium to block access requests for pornographic and illegal websites.

  • Enable the function of filtering encrypted traffic to perform URL filtering on encrypted HTTPS traffic.

Configure a security policy and reference the URL filtering profile url_profile_01 to control the URL access requests of the enterprise employees.

Procedure

  1. Set the IP address and security zone of the interface.



    1. Choose Network > Interface.

    2. Click change1.png for GE1/0/3 and set the parameters as follows:

      Zonetrust
      IPv4
      IP Address10.3.0.1/24
    3. Click OK.

    4. Repeat the previous steps to set the parameters for GE1/0/1.

      Zoneuntrust
      IPv4
      IP Address1.1.1.1/24
  2. Configure URL filtering profiles.



    1. Choose Object > Security Profiles > URL Filtering.

      vsp_url_filter_cfg_0019_fig003.png

    2. In URL Filtering Profile, click Add and set the parameters as follows:

      Name

      url_profile_01

      Filter Encrypted Traffic

      Enable

      Default Action

      Allow

      NOTE:

      If you want to deny URLs outside the whitelist, you can set the default action to deny so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the whitelist can be denied.

      If you want to permit URLs outside the blacklist, you can set the default action to permit so that the FW uses the default action when the remote query service is unavailable. In this manner, URLs outside the blacklist can be permitted.

      Whitelist URL

      www.example1.com

      www.example2.com

      Blacklist URL

      www.example3.com

      www.example4.com

      URL Filtering Level

      Select Medium to block the access to all pornographic and illegal websites.

    3. Click OK.

  3. Reference URL filtering profiles in security policies.



    1. Choose Policy > Security Policy > Security Policy.

    2. Click Add Security Policy and set the parameters as follows:

      Namepolicy_sec_01
      Source Zonetrust
      Destination Zoneuntrust
      Source Address/Region10.3.0.0/24
      Destination Address/Regionany
      Actionpermit
      Content Security
      URL Filtering

      url_profile_01

    3. Click OK.

  4. Click Save on the upper right of the web page, and click OK in the dialog box that is displayed.

  5. Click Commit on the upper right of the web page, and click OK in the dialog box that is displayed.


  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login