Solved

Juniper NetScreen Router

Posted on 2009-04-09
Last Modified: 2012-05-06
I have a Juniper NetScreen NS5GT box in my office. I already set up a trust/untrust policy on it, but I was not able to block some websites like youtube.com, friendster.com.

Other than these sites, I was able to block all other sites without any issue. I even tried to block these sites using their IPs, but no use.


Question by:samithsukumar
11 Comments
 
LVL 18

Expert Comment

by:deimark
Hiya bud

How did you block the other websites and what is different about trying to block youtube etc?

Are you using the full URL Filtering technology (including subscriptions) or are you just using a white/black list?
0
 
LVL 3

Author Comment

by:samithsukumar
I am not using full URL filtering. I maintain a black & white list. I am not even aware that my box (NetScreen NS5GT+ADSL) has a URL filtering option.
0
 
LVL 18

Expert Comment

by:deimark
Can you send us the extract from your config to show the URL filtering you are applying, bud?  It will help us determine what the problem is.

If you can show us a config that works for a web site, then the one that doesn't work, we can compare and correct.
0
 
LVL 3

Author Comment

by:samithsukumar
Please find the attached config file.
0
 
LVL 3

Author Comment

by:samithsukumar
set clock dst-off
set clock timezone 4
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "WOLFKING"
set admin password "WKGSDFRGNSD"
set admin user "foxking" password "4589jdhfdsh" privilege "all"
set admin scs password disable username rockeme
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen alarm-without-drop
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen port-scan
set zone "Untrust" screen ip-sweep
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen syn-frag
set zone "Untrust" screen tcp-no-flag
set zone "Untrust" screen unknown-protocol
set zone "Untrust" screen ip-bad-option
set zone "Untrust" screen ip-record-route
set zone "Untrust" screen ip-timestamp-opt
set zone "Untrust" screen ip-security-opt
set zone "Untrust" screen ip-loose-src-route
set zone "Untrust" screen ip-strict-src-route
set zone "Untrust" screen ip-stream-opt
set zone "Untrust" screen icmp-fragment
set zone "Untrust" screen icmp-large
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
set interface "adsl1" pvc 0 50 mux llc protocol bridged zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Trust"
unset interface vlan1 ip
set interface trust ip 10.100.2.1/24
set interface trust nat
set interface untrust ip 123.39.0.677/24
set interface untrust route
set interface adsl1 ip 54.56.112.134/32
set interface adsl1 route
set interface tunnel.1 ip unnumbered interface adsl1
set interface tunnel.2 ip unnumbered interface trust
set interface "untrust" pmtu ipv4
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface untrust ip manageable
set interface adsl1 ip manageable
set interface untrust manage ping
set interface untrust manage ssh
set interface untrust manage telnet
set interface untrust manage snmp
set interface untrust manage ssl
set interface untrust manage web
set interface adsl1 manage ping
set interface adsl1 manage ssh
set interface adsl1 manage telnet
set interface adsl1 manage snmp
set interface adsl1 manage ssl
set interface adsl1 manage web
set flow tcp-mss
set flow all-tcp-mss 1304
unset flow tcp-syn-check
set failover enable

set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 213.57.50.60
set dns host dns2 195.229.241.222
set dns host dns3 0.0.0.0
set dns ddns
set dns ddns id 1 server-type dyndns clear-text
set dns ddns id 1 username mee2 password /123fdnduyx==
set dns ddns id 1 src-interface adsl1 host-name 443utf.medns.org
set dns ddns enable
set address "Trust" "10.100.2.0/24" 10.100.2.0 255.255.255.0
set address "Trust" "10.100.2.1/32" 10.100.2.1 255.255.255.255
set address "Trust" "A_McDonald" 10.100.2.58 255.255.255.255
set address "Trust" "Adoinse_pc" 10.100.2.176 255.255.255.255
set address "Trust" "Anil kumar" 10.100.2.55 255.255.255.255
set address "Trust" "B_Sullivan" 10.100.2.52 255.255.255.255
set address "Trust" "CAD" 10.100.2.112 255.255.255.255
set address "Trust" "Commissioning Team" 10.100.2.97 255.255.255.255
set address "Trust" "cris_warlo" 10.100.2.88 255.255.255.255 "regional manger"
set address "Trust" "d_crotty" 10.100.2.63 255.255.255.255
set address "Trust" "DC45kg" 10.100.2.8 255.255.255.255
set address "Trust" "DC4yj7" 10.100.2.6 255.255.255.255
set address "Trust" "des_new" 10.100.2.79 255.255.255.255
set address "Trust" "E_RoomPC1" 10.100.2.56 255.255.255.255
set address "Trust" "Eric_Barrie" 10.100.2.72 255.255.255.255
set address "Trust" "F_Hughes" 10.100.2.59 255.255.255.255
set address "Trust" "FOConnor" 10.100.2.73 255.255.255.255
set address "Trust" "Graham_ODriscoll" 10.100.2.74 255.255.255.255
set address "Trust" "Guest1" 10.100.2.99 255.255.255.255
set address "Trust" "H_Gregory" 10.100.2.57 255.255.255.255
set address "Trust" "HSE" 10.100.2.64 255.255.255.255
set address "Trust" "ieno_250 _A3 office" 10.100.2.17 255.255.255.255
set address "Trust" "J_Lynch" 10.100.2.23 255.255.255.255
set address "Trust" "J_Sweeney" 10.100.2.3 255.255.255.255
set address "Trust" "John Powell" 10.100.2.61 255.255.255.255
set address "Trust" "Jonarthan" 10.100.2.62 255.255.255.255
set address "Trust" "Joshua" 10.100.2.69 255.255.255.255
set address "Trust" "Keith_O_Brien" 10.100.2.4 255.255.255.255
set address "Trust" "Minolta_ScanCopier" 10.100.2.12 255.255.255.255
set address "Trust" "MMurphy" 10.100.2.70 255.255.255.255
set address "Trust" "MOConnell" 10.100.2.10 255.255.255.255
set address "Trust" "new_arrival" 10.100.2.15 255.255.255.255
set address "Trust" "new_man" 10.100.2.18 255.255.255.255
set address "Trust" "P_Loftus" 10.100.2.34 255.255.255.255
set address "Trust" "PLofuts_Notebook" 10.100.2.123 255.255.255.255
set address "Trust" "R_Mcrimmond" 10.100.2.11 255.255.255.255
set address "Trust" "rajvel_pandy" 10.100.2.21 255.255.255.255
set address "Trust" "Rami" 10.100.2.228 255.255.255.255
set address "Trust" "Ray" 10.100.2.81 255.255.255.255
set address "Trust" "Richi_reyan" 10.100.2.41 255.255.255.255
set address "Trust" "Saftey" 10.100.2.64 255.255.255.255
set address "Trust" "Sharafudheen" 10.100.2.72 255.255.255.255
set address "Trust" "System_Admin" 10.100.2.96 255.255.255.255
set address "Trust" "temp" 10.100.2.110 255.255.255.255
set address "Trust" "Temp1" 10.100.2.104 255.255.255.255
set address "Trust" "test" 10.100.1.248 255.255.255.255
set address "Untrust" "10.100.1.0/24" 10.100.1.0 255.255.255.0
set address "Untrust" "10.100.4.0/24" 10.100.4.0 255.255.255.0
set address "Untrust" "10.100.4.1/32" 10.100.4.1 255.255.255.255
set address "Untrust" "Allow ourcompany" *.der.com
set address "Untrust" "bbc" www.bbc.net.uk
set address "Untrust" "bbc_sport" news.bbc.co.uk
set address "Untrust" "Bechtel_Eroom" 66.210.251.36 255.255.255.255
set address "Untrust" "Bulk_Download1" rapidshare.com
set address "Untrust" "Bulk_Download2" rapidshare.de
set address "Untrust" "Bulk_Download3" friendster.com
set address "Untrust" "Bulk_Download4" meebo.in
set address "Untrust" "Chat_Board" jayh.org
set address "Untrust" "Chikka - messaging" www.java.chikka.com
set address "Untrust" "Chikka1 - Messaging" www.chikka.com
set address "Untrust" "Corporate_KDL" 193.95.161.194 255.255.255.255
set address "Untrust" "Corporate_88888" www.sdfhs.com
set address "Untrust" "Email Exchange" 71.67.33.51 255.255.255.255
set address "Untrust" "google" 66.249.89.99 255.255.255.255
set address "Untrust" "Hi5.com" 66.218.161.68 255.255.255.255
set address "Untrust" "Hotmail1" 208.173.208.152 255.255.255.255
set address "Untrust" "Hotmail2" hotmail.com
set address "Untrust" "Hotmail3" login.live.com
set address "Untrust" "Hotmail4" 64.4.33.7 255.255.255.255
set address "Untrust" "Hotspot" 74.85.13.40 255.255.255.255
set address "Untrust" "Hotspot1" 74.85.13.41 255.255.255.255
set address "Untrust" "live_search" 88.221.217.16 255.255.255.255
set address "Untrust" "Mashreqbank" mashreqbank.com
set address "Untrust" "Mashreqbank1" 91.75.72.67 255.255.255.255
set address "Untrust" "MP3_1" youtube.com
set address "Untrust" "MP3_2" 123musiq.com
set address "Untrust" "owa4.mee.com" 21.14.17.051 255.255.255.255
set address "Untrust" "Proxy1_195.229.241.17" 195.229.241.17 255.255.255.255
set address "Untrust" "Proxy1_213.42.1.19" 213.42.1.19 255.255.255.255
set address "Untrust" " Email Exchange"  255.255.255.255
set address "Untrust" "Rediff" 88.221.217.17 255.255.255.255
set address "Untrust" "SAV_3" 80.67.86.16 255.255.255.255
set address "Untrust" "Sav_4" 216.200.68.151 255.255.255.255
set address "Untrust" "SAV_LiveUpdate" symantecliveupdate.com
set address "Untrust" "Sav_LiveUpdate1" liveupdate.symantecliveupdate.com
set address "Untrust" "MEEE.COM" 134.183.44.120 255.255.255.255
set address "Untrust" "youtube_with ip" 208.65.153.238 255.255.255.255
set group address "Trust" "internet_computer2" comment "static Ips"
set group address "Trust" "internet_computer2" add "cris_warlo"
set group address "Trust" "internet_computer2" add "des_new"
set group address "Trust" "internet_computer2" add "HSE"
set group address "Trust" "internet_computer2" add "new_man"
set group address "Trust" "internet_computer2" add "Ray"
set group address "Trust" "Internet_Computers" comment "Computers with Full Net Access"
set group address "Trust" "Internet_Computers" add "A_McDonald"
set group address "Trust" "Internet_Computers" add "Anil kumar"
set group address "Trust" "Internet_Computers" add "B_Sullivan"
set group address "Trust" "Internet_Computers" add "Commissioning Team"
set group address "Trust" "Internet_Computers" add "d_crotty"
set group address "Trust" "Internet_Computers" add "DC458AP"
set group address "Trust" "Internet_Computers" add "DC458FS"
set group address "Trust" "Internet_Computers" add "E_RoomPC1"
set group address "Trust" "Internet_Computers" add "Eric_Barrie"
set group address "Trust" "Internet_Computers" add "F_Hughes"
set group address "Trust" "Internet_Computers" add "FOConnor"
set group address "Trust" "Internet_Computers" add "Graham_ODriscoll"
set group address "Trust" "Internet_Computers" add "Guest1"
set group address "Trust" "Internet_Computers" add "H_Gregory"
set group address "Trust" "Internet_Computers" add "ieno_250 _A3 office"
set group address "Trust" "Internet_Computers" add "J_Lynch"
set group address "Trust" "Internet_Computers" add "J_Sweeney"
set group address "Trust" "Internet_Computers" add "John Powell"
set group address "Trust" "Internet_Computers" add "Jonarthan"
set group address "Trust" "Internet_Computers" add "Joshua"
set group address "Trust" "Internet_Computers" add "Keith_O_Brien"
set group address "Trust" "Internet_Computers" add "Minolta_ScanCopier"
set group address "Trust" "Internet_Computers" add "MMurphy"
set group address "Trust" "Internet_Computers" add "MOConnell"
set group address "Trust" "Internet_Computers" add "new_arrival"
set group address "Trust" "Internet_Computers" add "P_Loftus"
set group address "Trust" "Internet_Computers" add "R_Mcrimmond"
set group address "Trust" "Internet_Computers" add "rajvel_pandy"
set group address "Trust" "Internet_Computers" add "Richi_reyan"
set group address "Trust" "Internet_Computers" add "Sharafudheen"
set group address "Trust" "Internet_Computers" add "System_Admin"
set group address "Trust" "Internet_Computers" add "internet_computer2"
set group address "Untrust" "Allowed_Sites" comment "Websites Allowed for All Users"
set group address "Untrust" "Allowed_Sites" add "Allow mee Access"
set group address "Untrust" "Allowed_Sites" add "bbc"
set group address "Untrust" "Allowed_Sites" add "bbc_sport"
set group address "Untrust" "Allowed_Sites" add "_Eroom"
set group address "Untrust" "Allowed_Sites" add "Corporate_"
set group address "Untrust" "Allowed_Sites" add "Corporate"
set group address "Untrust" "Allowed_Sites" add "Email Exchange"
set group address "Untrust" "Allowed_Sites" add "Hotmail1"
set group address "Untrust" "Allowed_Sites" add "Hotmail2"
set group address "Untrust" "Allowed_Sites" add "Hotmail3"
set group address "Untrust" "Allowed_Sites" add "Hotmail4"
set group address "Untrust" "Allowed_Sites" add "Mashreqbank"
set group address "Untrust" "Allowed_Sites" add "Mashreqbank1"
set group address "Untrust" "Allowed_Sites" add ""
set group address "Untrust" "Allowed_Sites" add ""
set group address "Untrust" "Allowed_Sites" add "SAV_3"
set group address "Untrust" "Allowed_Sites" add "Sav_4"
set group address "Untrust" "Allowed_Sites" add "SAV_LiveUpdate"
set group address "Untrust" "Allowed_Sites" add "Sav_LiveUpdate1"
set group address "Untrust" "Allowed_Sites" add "utskent.com"
set group address "Untrust" "Blocked_Sites" comment "Sites Blocked For All"
set group address "Untrust" "Blocked_Sites" add "Bulk_Download1"
set group address "Untrust" "Blocked_Sites" add "Bulk_Download2"
set group address "Untrust" "Blocked_Sites" add "Bulk_Download3"
set group address "Untrust" "Blocked_Sites" add "Bulk_Download4"
set group address "Untrust" "Blocked_Sites" add "Chat_Board"
set group address "Untrust" "Blocked_Sites" add "Chikka - messaging"
set group address "Untrust" "Blocked_Sites" add "Chikka1 - Messaging"
set group address "Untrust" "Blocked_Sites" add "Hi5.com"
set group address "Untrust" "Blocked_Sites" add "live_search"
set group address "Untrust" "Blocked_Sites" add "MP3_1"
set group address "Untrust" "Blocked_Sites" add "MP3_2"
set group address "Untrust" "Blocked_Sites" add "Rediff"
set group address "Untrust" "Blocked_Sites" add "youtube_with ip"
set group address "Untrust" "Corp_addr"
set group address "Untrust" "Corp_addr" add "Corporate_"
set group address "Untrust" "Proxy1.emirates.net.a"
set group address "Untrust" "Proxy1.emirates.net.a" add "Proxy1_195.229.241.17"
set group address "Untrust" "Proxy1.emirates.net.a" add "Proxy1_213.42.1.19"
set group service "Permit List"
set group service "Permit List" add "MAIL"
set group service "Permit List" add "POP3"
set user "vpnuser" uid 1
set user "vpnuser" ike-id fqdn "rafgrijg.mydns.org" share-limit 1
set user "vpnuser" type  ike
set user "vpnuser" "enable"
set ike gateway "_VPN_P1" address houtsk.gotdns.org Aggr outgoing-interface "adsl1" preshare "lqx7h==" proposal "pre-g2-3des-sha"
set ike gateway "vpngateway1" dialup "vpnuser" Aggr outgoing-interface "adsl1" preshare "RaJFC3Fj==" proposal "pre-g1-des-sha"
set ike gateway "vpngateway1" cert peer-ca all
unset ike gateway "vpngateway1" nat-traversal
set ike gateway "vpnSupport" address vgjy.mydns.org Main outgoing-interface "adsl1" preshare "UhLgdUc==" proposal "pre-g2-3des-sha"
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "HABSHAN_VPN_P2" gateway "HA_VPN_P1" no-replay tunnel idletime 0 proposal "g2-esp-"
set vpn "HABSHAN_VPN_P2" monitor optimized rekey
set vpn "HABSHAN_VPN_P2" id 1 bind interface tunnel.1
set vpn "dialvpn1" gateway "vpngateway1" no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5"
set vpn "vpnSupport" gateway "vpnSupport" no-replay tunnel idletime 0 sec-level compatible
set vpn "vpnSupport" id 3 bind interface tunnel.2
set attack db server "https://services.netscreen.com/restricted/sigupdates"
set attack db mode Update
set attack db schedule daily 00:00
set av profile "scan-mgr"
set ftp scan-mode  scan-all  
set ftp decompress-layer  2  
unset http enable    
set http scan-mode  scan-all  
set http skipmime mime-list  "ns-skip-mime-list"  
set imap scan-mode  scan-all  
set imap decompress-layer  2  
set pop3 scan-mode  scan-all  
set pop3 decompress-layer  2  
set smtp scan-mode  scan-all  
set smtp decompress-layer  2  
exit
set url protocol websense
unset deny-message use-server
exit
set anti-spam profile ns-profile
 set sbl default-server enable
 set default action tag subject "***SPAM***  "
exit
set vpn "HABSHAN_VPN_P2" proxy-id local-ip .0/24 remote-ip /24 "ANY"
set policy id 11 name "Webmail_Policy" from "Trust" to "Untrust"  "Any" "Email Exchange" "HTTPS" permit
set policy id 11
exit
set policy id 10 from "Untrust" to "Trust"  ".0/24" "0/24" "ANY" permit
set policy id 10
exit
set policy id 9 from "Trust" to "Untrust"  "10.24" "100/24" "ANY" permit log
set policy id 9
exit
set policy id 3 from "Trust" to "Untrust"  "10.1.0/24" "10/24" "ANY" permit log
set policy id 3
exit
set policy id 6 name "No_Chatting" from "Trust" to "Untrust"  "Any" "Any" "AOL" deny log
set policy id 6
set service "GTP"
set service "IRC"
set service "MS-MESSENGER"
set service "MSN"
set service "NetMeeting"
set service "RTSP"
set service "YMSG"
set service "VOIP"
exit
set policy id 7 name "Banned_Sites" from "Trust" to "Untrust"  "Any" "Blocked_Sites" "ANY" deny log
set policy id 7
exit
set policy id 5 from "Trust" to "Untrust"  "Any" "Allowed_Sites" "ANY" permit log
set policy id 5
exit
set policy id 2 name "Allow All Traffic" from "Trust" to "Untrust"  "Internet_Computers" "Any" "ANY" permit log
set policy id 2 av "scan-mgr"
set policy id 2
exit
set policy id 4 from "Untrust" to "Trust"  "10./24" "10.10/24" "ANY" permit log
set policy id 4
exit
set policy id 8 from "Untrust" to "Trust"  "Dial-Up VPN" "10./24" "ANY" tunnel vpn "dialvpn1" id 2
set policy id 8 disable
set policy id 8
exit
set pppoe name "new connection"
set pppoe name "new connection" username "" password "nGw=="
set pppoe name "new connection" interface adsl1
set pppoa name "ADSL" username "" password "9=="
set pppoa name "ADSL" idle 0
unset pppoa name "ADSL" update-dhcpserver
set pppoa name "ADSL" auto-connect 3
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set scp enable
set config lock timeout 5
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 10.100.1.0/24 interface tunnel.1 preference 20
set route 10.100.4.0/24 interface tunnel.2 preference 20
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
0

 
LVL 18

Expert Comment

by:deimark
OK, so from the config you are simply blocking IP addresses, not using any URL filtering stuff.

set policy id 7 name "Banned_Sites" from "Trust" to "Untrust"  "Any" "Blocked_Sites" "ANY" deny log

This is your only block rule referring to web sites.

This rule has the address objects added above as DNS entries, which is all well and good while you are only pointing to static DNS entries, i.e. entries that are not load balanced and only have 1 host per entry.

In the case of youtube, they use some form of load balancing to send traffic and users to different servers (as everyone all going to 1 box will kill it) and I suspect it's some form of DNS load balancing, i.e. a device hosts the entry for www.youtube.com and when a user requests that URL, the device then sends the user to one of the many servers; the user is presented with a connection to an IP address that is not bound to youtube.com (as far as the user knows, that is).

If you want to fully block youtube, do 1 of the 2 following steps:

1.  Get a proper web filtering solution. Juniper offers that on the SSG devices, but it will mean a year's subscription cost to you.

2.  Continue to ping/connect to youtube and take note of all the end IP addresses you get and then add them to the list of locked sites.

Option 2 is a very inelegant and dirty solution and is prone to error as you have to take a guess if you have managed to connect to all hosts you need, whereas 1 is the only true workable solution, bud.

HTH
0
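Added example (not part of deimark's answer or of the original thread): a short Python audit that parses lines copied from the configuration posted above and lists, for every deny policy, which destination entries are hostnames the firewall has to resolve and which are single literal IPs. The function names are illustrative, and the config is an excerpt of the post, not the full file.

```python
import ipaddress
import shlex

# Lines copied from the configuration posted above (an excerpt: four of the
# "Blocked_Sites" members, the deny rule that uses the group, one permit rule).
CONFIG = '''
set address "Untrust" "Bulk_Download3" friendster.com
set address "Untrust" "Hi5.com" 66.218.161.68 255.255.255.255
set address "Untrust" "MP3_1" youtube.com
set address "Untrust" "youtube_with ip" 208.65.153.238 255.255.255.255
set group address "Untrust" "Blocked_Sites" comment "Sites Blocked For All"
set group address "Untrust" "Blocked_Sites" add "Bulk_Download3"
set group address "Untrust" "Blocked_Sites" add "Hi5.com"
set group address "Untrust" "Blocked_Sites" add "MP3_1"
set group address "Untrust" "Blocked_Sites" add "youtube_with ip"
set policy id 7 name "Banned_Sites" from "Trust" to "Untrust"  "Any" "Blocked_Sites" "ANY" deny log
set policy id 5 from "Trust" to "Untrust"  "Any" "Allowed_Sites" "ANY" permit log
'''


def parse_config(text):
    """Collect address entries, address groups and policies from 'set' lines."""
    addresses, groups, policies = {}, {}, []
    for line in text.splitlines():
        tok = shlex.split(line)  # keeps quoted names such as "youtube_with ip" whole
        if tok[:2] == ["set", "address"] and len(tok) >= 5:
            addresses[(tok[2], tok[3])] = tok[4]  # literal IP or a hostname
        elif tok[:3] == ["set", "group", "address"] and tok[5:6] == ["add"] and len(tok) >= 7:
            groups.setdefault((tok[3], tok[4]), []).append(tok[6])
        elif tok[:3] == ["set", "policy", "id"] and "from" in tok:
            i = tok.index("from")  # from <zone> to <zone> <src> <dst> <svc> <action>
            if len(tok) >= i + 8:
                policies.append({"id": int(tok[3]), "to_zone": tok[i + 3],
                                 "dst": tok[i + 5], "action": tok[i + 7]})
    return addresses, groups, policies


def classify(value):
    """Return 'ip' for a literal address, 'fqdn' for a name the firewall resolves."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "fqdn"


def expand(zone, name, groups, seen=()):
    """Flatten a (possibly nested) address group into address-entry names."""
    if (zone, name) not in groups or name in seen:
        return [name]
    return [leaf for member in groups[(zone, name)]
            for leaf in expand(zone, member, groups, seen + (name,))]


def audit_deny_policies(text):
    """Map each deny policy id to its destination entries, grouped by kind."""
    addresses, groups, policies = parse_config(text)
    report = {}
    for pol in policies:
        if pol["action"] != "deny":
            continue
        kinds = {"fqdn": [], "ip": [], "undefined": []}
        for name in expand(pol["to_zone"], pol["dst"], groups):
            value = addresses.get((pol["to_zone"], name))
            kind = classify(value) if value else "undefined"
            kinds[kind].append((name, value))
        report[pol["id"]] = kinds
    return report


if __name__ == "__main__":
    for pol_id, kinds in audit_deny_policies(CONFIG).items():
        for kind, entries in kinds.items():
            print(f"policy {pol_id} {kind}: {entries}")
```

Every entry reported for policy 7 is either one hostname or one host address, which is the limitation deimark describes for a site served from many IPs.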
 
LVL 3

Author Comment

by:samithsukumar
I have one more doubt. As you have seen in my config file, is there any way to monitor the traffic for a particular IP?
I have given static IPs to the users who use the internet in my LAN. Now I need to track their bandwidth usage. Is there any way to configure that on my box?
0
 
LVL 18

Expert Comment

by:deimark
You can add the "count" option to the rule that you want to get some bandwidth data for, bud, but this will need to be enabled per rule, so if you have 3 rules to monitor the traffic for 1 host using web, mail and FTP (1 service per rule for example) then you will need to add counting to each rule and then add up the totals manually.

What rule above is it you want to monitor?
0
 
LVL 3

Author Comment

by:samithsukumar
I only need to monitor the bandwidth usage of   set address "Trust" "A_McDonald" 10.100.2.58
As I am not good with Juniper routers, please advise me in a step-by-step manner.
 
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
Sadly, you can't monitor on a host basis, only on a policy.

So to achieve your goal, you will need to specify separate rules for the individual host and set the policy options to "count" as above
0
 
LVL 1

Expert Comment

by:la-tempestad
As deimark is suggesting, you could buy a web filtering box such as SSG or SURFCONTROL. I found it really hard to block web sites (URLs) by using Juniper boxes on their own.
We were using Surfcontrol and you can block a whole lot of things by criteriarising such as violence, sex, crime, spam, etc.
0
