Managing URL filtering on SNS firewalls from SMC
In SMC, you can create filter rules referencing URL filtering profiles configured locally on firewalls by selecting their identifier (00 to 09).
However you cannot set up these profiles directly in SMC and they may be different on each firewall even if they have the same identifier.
This section explains how to deploy a common URL filtering policy on all or part of your firewalls thanks to SMC, based on the URL filtering policy configured on a “template” firewall.
You will need two scripts to do so: a first one which allows collecting the URL filtering policy from the template firewall and another one which allows deploying this policy on the selected firewalls.
IMPORTANT
The template firewall and the target firewalls must be in the same version.
To apply this procedure, follow the three steps below in the order given.
The first step consists in creating or editing one or more URL filtering profiles on a firewall (10 profiles available). This firewall stands for the template URL configuration to be deployed on other firewalls.
- Connect to the web administration interface of the template firewall with its IP address or connect directly through SMC.
- Open the menu Security policy > URL filtering.
- Create or edit URL filtering profiles.
The following script allows collecting the URL filtering policy of the template firewall (URL filtering profiles and Web objects).
##################################################################### # Save URLs, Certificate names, URL and CN groups and the # # URL base of a SNS #firewall # # # # The $SAVE_TO_DATA_FILE argument indicates the name of the file in # # which the result of the execution will be saved # ##################################################################### CONFIG BACKUP list=urlfiltering $SAVE_TO_DATA_FILE("backup-URL.na")
To use the script:
- Copy it to a text editor and save it with the .script extension.
- In SMC, open the menu Deployment > SNS CLI Scripts.
- Select the script you saved previously.
- Select the firewall which URL filtering policy must be collected.
- Execute the script.
- Download the archive generated by the script. The archive contains the backup file backup-URL.na.
For more information on SNS CLI scripts, please refer to the section Running SNS CLI commands on an environment of firewalls.
The following scripts allow deploying the URL filtering policy previously saved on the other firewalls.
- Script required if using filtering with an embedded Stormshield URL base:
################################################################# # Restore URLs, Certificate names, URL and CN groups and the URL# # base of a SNS firewall # ################################################################# # use the embedded categories CONFIG OBJECT URLGROUP SETBASE base=NETASQ # Restore the configuration CONFIG RESTORE list=urlfiltering fwserial=local $FROM_DATA_FILE("backup-URL.na")
- Script required if using filtering with an advanced Stormshield URL base (with the option Extended Web Control):
################################################################# # Restore URLs, Certificate names, URL and CN groups and the URL# # base of a SNS firewall # ################################################################# CONFIG OBJECT URLGROUP SETBASE base=CLOUDURL # Restore the configuration CONFIG RESTORE list=urlfiltering fwserial=local $FROM_DATA_FILE("backup-URL.na")
To use the scripts:
- Copy the script adapted to the URL base you are using to a text editor and save it with the .script extension.
- In SMC, open the menu Deployment > SNS CLI Scripts.
- Select the script you saved previously.
- Select the .na backup file previously created as attached file.
- Select the firewalls on which deploying the URL filtering policy.
- Execute the script.
- You can connect to a firewall through SMC to see the URL filtering policy has been properly deployed.