• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 600
  • Last Modified:

Prevent some users from using the internet - ssg5

How do I control internet access for a particular group of users at certain times in the day on a juniper ssg5?
  • 3
2 Solutions

you can do it by configurin policy from LAn to WAN
where sorce will be routr user ip address and destination will be any and action will be drop or block


QlemoBatchelor and DeveloperCommented:
This needs correction:
  1. Create a policy Trust to Untrust, with related source IP addresses and destination any, service any, Action Deny or Reject (Deny will just time out, Reject will send a "no-no" packet to the source, which leads to quicker reactions).
  2. Create a time schedule.
  3. Assign the time schedule to the above policy.
  4. Place the policy before your policy allowing Internet access.
With the time schedule, you can also define several policies with different traffic shaping parameters (action has to be Allow then). That way you can throttle instead of deny Internet access, which is sometimes more "educative".

trose2Author Commented:
I created an address list, created a group to put those users in, then created a schedule attached the policy to the schedule, place deny on the policy, but the time is not shutting the users on and off.  It just keep the users of
QlemoBatchelor and DeveloperCommented:
Existing sessions are not cut off. Deny/Permit changes only apply on new sessions. However, HTTP is a stateless protocol, sessions are created all the time. FTP and BitTorrent aso. are different, as they maintain one or more parallel data streams over some time.

The traffic shaping, however, should work, as it can be applied to active sessions (I reckon).
QlemoBatchelor and DeveloperCommented:
http:/Q_24425644.html#24439134 does not provide any useful details to a solution.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now