How to block IP subnets on Netscreen 50
Posted on 2010-11-29
I have a Juniper Netscreen 50 which was implemented long before I was hired. I've been digging around the web GUI and the CLI and have learned quite a bit but cannot seem to figure out how to block specific subnets/hosts from getting into my network. I'm a Cisco guy and know how to do this on a PIX/ASA/router with ACLs and such but the Juniper way of doing things is a bit confusing. We have a few specific subnets that we need to just deny from accessing our network (FTP dictionary attacks) but I can't seem to figure it out.
It's running ScreenOS 5.4.0r11.0.
There are three virtual routers, trust-vr, untrust-vr, and vpn-vr. We have two different public subnets on this router, one on ethernet2 and one on ethernet3. Our trusted side is on ethernet1. I need to block traffic from specific subnets (220.127.116.11/8 for example) from reaching any host on my network.
Any help would be greatly appreciated. As I've said, I'm a Cisco certified guy and I've been in the networking arena for many years but I'm completely new to Juniper systems. Stepping through the GUI or the CLI is fine by me.