Solved

Block Specific URL in Juniper Netscreen 5GT

Posted on 2007-10-19
Last Modified: 2008-07-24
I have successfully configured the Web filter in my Netscreen 5GT but can only get it to work with the reconfigured categories. How do I block a specific URL?
Question by:MERCOMMS

Accepted Solution

by:
ccreamer_22 earned 250 total points
ID: 20113311
I have had the same problem. The Netscreens are really bad at blocking sites by URL or domain name. Basically, you need to get the IP address of the website by pinging it. Then go into the WebUI and go to Objects > Addresses > List. Create a new untrust site with that IP address with a /32 bitmask. Then go to Policies and create a policy from trust to untrust. Make the trust side your internal network, the untrust side that IP address you created in the address list. Set the policy to deny and put a check in "place this policy at the top". Press OK and test.

Author Comment

by:MERCOMMS
ID: 20132249
Test site: Monster.com
ping of Monster.com results in 63.121.29.1

Objects --> Addresses --> List
I added one with
Address name: Monster
IP Address 63.121.29.1/32
Zone: Untrust

Policies
Name: Monster
Source Address: Any
Destination Address: Address Book Entry -> Monster
Service: Any
Application: None
Action: Deny

Still able to browse monster.com

Expert Comment

by:ccreamer_22
ID: 20135169
That's because they have multiple sites using BGP. You block one IP and another one reroutes it through another IP. What you have to do is research them by blocking one IP, then trace route to them again and block the next IP until none of their IP addresses for the website can be found. This is a long task, but it is the solution. These firewalls are not really meant to be used like this. Try it on another site not using BGP to test it, like nypl.org. The IP is 65.88.89.108. If you block it, you won't be able to get to the web site.
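
The block-every-address procedure from this thread as an added example (not code posted by anyone in the thread): it collects the IPv4 addresses of a site and writes the address entries, one address group and one top-of-list deny policy, so the WebUI steps are not repeated per address. The ScreenOS command forms, the `Trust`/`Untrust` zone names and the `-block` group suffix are assumptions to check against the device's CLI reference; `192.0.2.10` is a constructed stand-in for a second address.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return every IPv4 address DNS currently returns for hostname (needs network)."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def screenos_block_commands(label, addresses, zone="Untrust"):
    """Build /32 address entries, one group and one deny policy placed at the top."""
    if not label.isalnum():
        raise ValueError("label must be alphanumeric; it is used inside quoted names")
    # Validate, de-duplicate and sort numerically so repeated runs give stable output.
    hosts = sorted({ipaddress.IPv4Address(a) for a in addresses})
    if not hosts:
        raise ValueError("no addresses to block")
    group = f"{label}-block"  # hypothetical naming scheme
    entries = [(f"{label}-{n}", ip) for n, ip in enumerate(hosts, start=1)]
    cmds = [f'set address "{zone}" "{name}" {ip}/32' for name, ip in entries]
    cmds.append(f'set group address "{zone}" "{group}"')
    cmds += [f'set group address "{zone}" "{group}" add "{name}"' for name, _ in entries]
    # Assumed CLI form of "trust to untrust, deny, place at the top".
    cmds.append(f'set policy top from "Trust" to "{zone}" "Any" "{group}" "ANY" deny')
    return cmds


if __name__ == "__main__":
    # Constructed input: the address pinged in the thread, a stand-in, and a repeat.
    sample = ["63.121.29.1", "192.0.2.10", "63.121.29.1"]
    # On a networked host, replace sample with resolve_ipv4("monster.com").
    for line in screenos_block_commands("Monster", sample):
        print(line)
```

Re-run the resolution from time to time and compare the result with the group's members, since the set of addresses a site answers on changes.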