Custom URL category support for SSL forward proxy

Feature(s) and their supported products/applications:

[Collapse All]

[Expand All]

The allowlisting feature is extended to include custom URL categories supported by UTM in the allowlist configuration of SSL forward proxy. In this implementation, the Server Name Indication (SNI) field is extracted by the UTM module from client hello messages to determine the URL category. SNI is an extension of the SSL/TLS protocol. Each URL category has a unique ID. The list of URL categories in the allowlist is parsed and the corresponding category IDs are pushed to the Packet Forwarding Engine for each SSL forward proxy profile. The SSL forward proxy then determines through APIs whether to accept the proxy or to ignore the session.

Product / Application	Software	Introduced Release
vSRX	Junos OS	12.1X46-D10
SRX300	Junos OS	17.4R1
SRX320	Junos OS	17.4R1
SRX340	Junos OS	17.4R1
SRX345	Junos OS	17.4R1
SRX380	Junos OS	20.1R1
SRX550 HM	Junos OS	17.4R1
SRX1500	Junos OS	17.4R1
SRX1600	Junos OS	23.4R1
SRX2300	Junos OS	23.4R1
SRX4100	Junos OS	17.4R1
SRX4120	Junos OS	25.2R1
SRX4200	Junos OS	17.4R1
SRX4300	Junos OS	24.2R1
SRX4600	Junos OS	17.4R2
SRX4700	Junos OS	24.4R1-S2
SRX5400	Junos OS	17.4R1
SRX5600	Junos OS	17.4R1
SRX5800	Junos OS	17.4R1

Feature Explorer AI

Custom URL category support for SSL forward proxy

404: Page not found.

Custom URL category support for SSL forward proxy