Untrust --> Trust REJECT Policy

I am trying to set up a policy for blocking a range of IP addresses (218.56.00 through 218.59.255.255) on a NetScreen 25 with a policy. I set up the Untrust to Trust policy; I have to set up 4 policies, I think.

Policy Details As Follows:
Source: 218.56.0.0/16
Destination: ANY
Action: Reject (I also tried DENY)

This is an example of the first policy; I need to create identical policies for 218.57.0.0/16, 218.58.0.0/16, 218.59.0.0/16, I think. Any help is really welcomed. Thanks.

I then added it to the top of the stack, but it does not reject the incoming packets. What am I missing?
Steve Groner, Lead Systems Engineer, asked.
 
dpk_wal commented:
As you plan to block all addresses from 218.56.0.0-218.56.255.255, the subnet mask is correct [similarly for the other subnets also]. Please note that all incoming traffic from the start to end IP on .56, .57, .58 and .59 would be blocked.

Thank you.
 
dpk_wal commented:
You should first add an address object [a network in this case, as you wish to specify a network mask]; use the following CLI commands:

set address Untrust name1 ip/subnet
set policy id x from untrust to trust name1 ANY ANY reject log

You can make four address objects and then make them members of one single address object; this way you would need to add just one policy.

Please implement and update.

Thank you.
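
Added example (not part of the original thread and not vendor code): a Python check that the four /16 entries from the question block exactly 218.56.0.0 through 218.59.255.255, and that they collapse to a single 218.56.0.0/14, rendered in the command forms given in the answer above. The object name prefix `blk` and the policy id 100 are assumptions.

```python
import ipaddress

# Constructed input: the range and the four /16 entries quoted from the question.
FIRST, LAST = "218.56.0.0", "218.59.255.255"
ASKED = ["218.56.0.0/16", "218.57.0.0/16", "218.58.0.0/16", "218.59.0.0/16"]

def cidr_cover(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def merge(cidrs):
    """Collapse adjacent/overlapping prefixes into the fewest equivalent ones."""
    return list(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(c) for c in cidrs))

def matches_range(cidrs, first, last):
    """True when the prefixes block exactly first..last: no gap, no extra."""
    return merge(cidrs) == cidr_cover(first, last)

def screenos_commands(blocks, prefix="blk", start_id=100):
    """Render one address object and one reject policy per block, using the
    command forms from the answer. Names and ids are hypothetical."""
    cmds = []
    for i, net in enumerate(blocks):
        name = f"{prefix}{i + 1}"
        cmds.append(f"set address Untrust {name} {net.with_prefixlen}")
        cmds.append(f"set policy id {start_id + i} from untrust to trust "
                    f"{name} ANY ANY reject log")
    return cmds

if __name__ == "__main__":
    print("asked prefixes match range:", matches_range(ASKED, FIRST, LAST))
    for line in screenos_commands(cidr_cover(FIRST, LAST)):
        print(line)
    # A range that does not start on a /14 boundary needs more than one block.
    print([str(n) for n in cidr_cover("218.57.0.0", "218.59.255.255")])
```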
 
Steve Groner, Lead Systems Engineer (author), commented:
Can you verify my subnet IPs / subnets above are correct for eliminating these 4? They are listed above in the question...
Question has a verified solution.