Solved

Block Specific URL in Juniper Netscreen 5GT

Posted on 2007-10-19
3
4,644 Views
Last Modified: 2008-07-24
I have successfully configured the Web filter in my Jetscreen 5GT but can only get it to work with the reconfigured categories.  How do I block a specific URL?
0
Comment
Question by:MERCOMMS
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
ccreamer_22 earned 250 total points
Comment Utility
I have had the same problem. The Netscreens are really bad at blocking sites by URL or Domain Name. Basically, you need to get the ip address of the website by pinging it. Then go into the WebUI and go to Objects > Addresses > List. Create a new untrust site with that ip address with a /32 bitmask. Then go to policiesand create a policy from trust to untrust. Make the trust side your internal network, the untrust side that ip address you created in the address list. Set the policy to deny and put a check in place this policy at the top. Press ok and test.
0
 

Author Comment

by:MERCOMMS
Comment Utility
Test site: Monster.com
ping of Monster.com results in 63.121.29.1

Objects --> Addresses --> List
I added one with
Address name: Monster
IP Address 63.121.29.1/32
Zone: Untrust

Polocies
name: Monster
Source Address: Any
Destination Address: Address Book Entry->Monster
Service:Any
Applicaiton:None
Action:Deny

Still able to browse monster.com
0
 
LVL 5

Expert Comment

by:ccreamer_22
Comment Utility
That's because they have multiple sites using BGP. You block 1 ip and another one reroutes it through another ip. What you have to do is research them by blocking 1 ip then trace route to them again and block the next ip until none of their ip addresses for the website can be found. This is a long task, but it is the solution. These firewalls are not really ment to be used like this. Try it on another site not using BGP to test it. Like nypl.org. The ip is 65.88.89.108. If you block it, you wont be able to get to the web site.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Internet Data Cap Based On MAC Address 10 99
LDAP Sending RST 11 64
Sonicwall - user objects - usage 2 26
SonicWall blocking WOL 11 47
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now