Solved

Block Specific URL in Juniper Netscreen 5GT

Posted on 2007-10-19
3
4,650 Views
Last Modified: 2008-07-24
I have successfully configured the Web filter in my Jetscreen 5GT but can only get it to work with the reconfigured categories.  How do I block a specific URL?
0
Comment
Question by:MERCOMMS
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
ccreamer_22 earned 250 total points
ID: 20113311
I have had the same problem. The Netscreens are really bad at blocking sites by URL or Domain Name. Basically, you need to get the ip address of the website by pinging it. Then go into the WebUI and go to Objects > Addresses > List. Create a new untrust site with that ip address with a /32 bitmask. Then go to policiesand create a policy from trust to untrust. Make the trust side your internal network, the untrust side that ip address you created in the address list. Set the policy to deny and put a check in place this policy at the top. Press ok and test.
0
 

Author Comment

by:MERCOMMS
ID: 20132249
Test site: Monster.com
ping of Monster.com results in 63.121.29.1

Objects --> Addresses --> List
I added one with
Address name: Monster
IP Address 63.121.29.1/32
Zone: Untrust

Polocies
name: Monster
Source Address: Any
Destination Address: Address Book Entry->Monster
Service:Any
Applicaiton:None
Action:Deny

Still able to browse monster.com
0
 
LVL 5

Expert Comment

by:ccreamer_22
ID: 20135169
That's because they have multiple sites using BGP. You block 1 ip and another one reroutes it through another ip. What you have to do is research them by blocking 1 ip then trace route to them again and block the next ip until none of their ip addresses for the website can be found. This is a long task, but it is the solution. These firewalls are not really ment to be used like this. Try it on another site not using BGP to test it. Like nypl.org. The ip is 65.88.89.108. If you block it, you wont be able to get to the web site.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now