Auditing Web Page Access
The audit function is enabled on the FW to audit users' access to web pages.
Faced Problems
As shown in Figure 1, an enterprise deploys the FW as a gateway to connect the intranet to the Internet.
Intranet users browse illegitimate websites at will, bringing about legal risks. In case of a security event, the owner cannot be located or traced.
Solution
With the audit function, the FW audits users' access to web pages, facilitating the locating and tracing of owners and providing the basis for tuning security policies in the future.
Configure an audit policy based on the traffic sent from intranet users to access the Internet and reference the audit profile in the audit policy to audit users' access to web pages.
Click Add to create audit profile profile_audit and select Audit HTTP Behavior to audit URL Access and Web Page Title.
- Click OK.
Click Add to create an audit policy. Configure matching conditions for the audit policy as required and reference the audit profile in the audit policy.
Set audit policy parameters. The referenced user group named users has been created.
Name policy1 Source zone trust Destination zone untrust Source Address/Region 192.168.0.0/255.255.255.0 User /default/users Action Audit Audit Configuration profile_audit - Click OK.
Verification
Choose . You can find the logs generated when the FW audits users' access to web pages.
Configuration Scripts
The configuration script related to the example is as follows:
# profile type audit name profile_audit http-audit url all http-audit url recorded-title # audit-policy rule name policy1 source-zone trust destination-zone untrust source-address 192.168.0.0 mask 255.255.255.0 user user-group /default/users action audit profile profile_audit #