[j-nsp] EWF issue
Skeeve Stevens
skeeve+junipernsp at eintellegonetworks.com
Mon Mar 24 23:38:06 EDT 2014
Hey all,
I am trying to setup EWF on a Juniper SRX550 Cluster.... and we're having
some issues.
White and Black lists are working some, but the categories are having
problems.
Firstly:
---
Mar 25 14:34:19 uf_cache_search: host=penthouse.com, page=/
Mar 25 14:34:19 status: 0, cache miss counter: 1618; cat_code=-1
Mar 25 14:34:19 url_send_data : req penthouse.com/ sent on socket 0x571b40
fd 46
Mar 25 14:34:19 url_ewf_read_resp_msg: recvmsg() peek returns 601: msg
length
Mar 25 14:34:19 url_ewf_read_resp_msg: return from
url_ewf_parse_http_resp_hdr (170) content length(431) resp_status(200)
Mar 25 14:34:19 url_ewf_read_resp_msg: recvmsg() returns 601: msg length
Mar 25 14:34:19 url_ewf_proc_serv_resp: 2831 Processing msg 557664 count in
this loop: 1
Mar 25 14:34:19 Request url(penthouse.com/) and response url(
http://penthouse.com/) do not match
Mar 25 14:34:19 Request url and response url domains dont match
Mar 25 14:34:19 url_ewf_proc_serv_resp: 2851 url_ewf_process_http_resp
returns: 431
---
The first URL not having http:// seems to be having an issue (this is with
IE and Chrome acting the same).
I am seeing this:
einadmin at FW01> show security utm web-filtering status
node0:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server UP
node1:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN
{primary:node0}
which is odd that node 1 is down... since it is being hit:
einadmin at FW01> show security utm web-filtering statistics
node0:
--------------------------------------------------------------------------
UTM web-filtering statistics:
Total requests: 2016
white list hit: 294
Black list hit: 1
Queries to server: 1205
Server reply permit: 0
Server reply block: 0
Custom category permit: 52
Custom category block: 23
Site reputation permit: 0
Site reputation block: 0
Cache hit permit: 0
Cache hit block: 0
Safe-search redirect: 0
Web-filtering sessions in total: 64000
Web-filtering sessions in use: 9
Fallback: log-and-permit block
Default 1204 0
Timeout 0 0
Connectivity 441 0
Too-many-requests 0 0
node1:
--------------------------------------------------------------------------
UTM web-filtering statistics:
Total requests: 0
white list hit: 0
Black list hit: 0
Queries to server: 0
Server reply permit: 0
Server reply block: 0
Custom category permit: 0
Custom category block: 0
Site reputation permit: 0
Site reputation block: 0
Cache hit permit: 0
Cache hit block: 0
Safe-search redirect: 0
Web-filtering sessions in total: 64000
Web-filtering sessions in use: 33
Fallback: log-and-permit block
Default 0 0
Timeout 0 0
Connectivity 0 0
Too-many-requests 0 0
{primary:node0}
My brain hurts.... anyone seen this weirdness before?
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau>
linkedin.com/in/skeeve
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
More information about the juniper-nsp
mailing list