Untrust --> Trust REJECT Policy

Posted on 2008-11-12
Last Modified: 2013-11-16
I am trying to setup a policy for blocking a range of IP address (218.56.00 through on a netscreen 25 with a policy.  I setup the Untrust to Trust Policy, i have to setup 4 policies i think.

Policy Details As Follows:
Destination: ANY
Action: Reject (I also tried DENY)

This is an example of the first policy I need to create identical polices for,,, I think.  Any help is really welcomed.  thanks

I then added it to the top of the stack, but it does not reject the incoming packets what am I missing.  
Question by:sgroner
    LVL 32

    Expert Comment

    You should first add a address object [network in this case as you wish to specify network mask], use following CLIs:

    set address Untrust name1 ip/subnet
    set policy id x from untrust to trust name1 ANY ANY reject log

    You can make four address objects and then make them member of one single address object; this way you would need to add just one policy.

    Please implement and update.

    Thank you.
    LVL 1

    Author Comment

    Can you verify my subnet ip / subnets above are correct for eliminating these 4.?  They are listed above in the question...
    LVL 32

    Accepted Solution

    As you plan to block all addresses from; the subnet mask is correct [similarly for other subnets also]; please note all incoming traffic from the start - end IP on .56, .57, .58 and .59 would be blocked.

    Thank you.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now