Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Prevent some users from using the internet - ssg5

Posted on 2009-05-20
7
Medium Priority
?
594 Views
Last Modified: 2013-11-25
How do I control internet access for a particular group of users at certain times in the day on a juniper ssg5?
0
Comment
Question by:trose2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 5

Expert Comment

by:devangshroff
ID: 24439134
Hi,

you can do it by configurin policy from LAn to WAN
where sorce will be routr user ip address and destination will be any and action will be drop or block
done

regards,

devang
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 24447076
This needs correction:
  1. Create a policy Trust to Untrust, with related source IP addresses and destination any, service any, Action Deny or Reject (Deny will just time out, Reject will send a "no-no" packet to the source, which leads to quicker reactions).
  2. Create a time schedule.
  3. Assign the time schedule to the above policy.
  4. Place the policy before your policy allowing Internet access.
With the time schedule, you can also define several policies with different traffic shaping parameters (action has to be Allow then). That way you can throttle instead of deny Internet access, which is sometimes more "educative".

0
 

Author Comment

by:trose2
ID: 24450750
I created an address list, created a group to put those users in, then created a schedule attached the policy to the schedule, place deny on the policy, but the time is not shutting the users on and off.  It just keep the users of
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 24451182
Existing sessions are not cut off. Deny/Permit changes only apply on new sessions. However, HTTP is a stateless protocol, sessions are created all the time. FTP and BitTorrent aso. are different, as they maintain one or more parallel data streams over some time.

The traffic shaping, however, should work, as it can be applied to active sessions (I reckon).
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 25877601
http:/Q_24425644.html#24439134 does not provide any useful details to a solution.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Introduction to Processes
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question