Solved

Block Specific URL in Juniper Netscreen 5GT

Posted on 2007-10-19
3
4,655 Views
Last Modified: 2008-07-24
I have successfully configured the Web filter in my Jetscreen 5GT but can only get it to work with the reconfigured categories.  How do I block a specific URL?
0
Comment
Question by:MERCOMMS
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
ccreamer_22 earned 250 total points
ID: 20113311
I have had the same problem. The Netscreens are really bad at blocking sites by URL or Domain Name. Basically, you need to get the ip address of the website by pinging it. Then go into the WebUI and go to Objects > Addresses > List. Create a new untrust site with that ip address with a /32 bitmask. Then go to policiesand create a policy from trust to untrust. Make the trust side your internal network, the untrust side that ip address you created in the address list. Set the policy to deny and put a check in place this policy at the top. Press ok and test.
0
 

Author Comment

by:MERCOMMS
ID: 20132249
Test site: Monster.com
ping of Monster.com results in 63.121.29.1

Objects --> Addresses --> List
I added one with
Address name: Monster
IP Address 63.121.29.1/32
Zone: Untrust

Polocies
name: Monster
Source Address: Any
Destination Address: Address Book Entry->Monster
Service:Any
Applicaiton:None
Action:Deny

Still able to browse monster.com
0
 
LVL 5

Expert Comment

by:ccreamer_22
ID: 20135169
That's because they have multiple sites using BGP. You block 1 ip and another one reroutes it through another ip. What you have to do is research them by blocking 1 ip then trace route to them again and block the next ip until none of their ip addresses for the website can be found. This is a long task, but it is the solution. These firewalls are not really ment to be used like this. Try it on another site not using BGP to test it. Like nypl.org. The ip is 65.88.89.108. If you block it, you wont be able to get to the web site.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA NAT rules for different port forwarding 3 64
Hardening ScreenOS 8 108
Sonicwall routing between VPNs 5 53
Turn off SIP ALG - Cisco ASA 5505 1 70
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now