Solved

How to block facebook in Firewall Juniper SSG320m? any idea?

Posted on 2014-02-03
8
1,825 Views
Last Modified: 2014-02-10
Hi EE's

Any please help me to block https://facebook.com from my network. I am using Juniper SSG 320m. I not an expert in Juniper. Please help.

Regards
Shamil
0
Comment
Question by:Shamil Mohamed
  • 3
  • 2
  • 2
8 Comments
 

Expert Comment

by:nitintembhare
ID: 39831690
Use Integrated Web filtering feature for blocking the specific web URL.
0
 

Author Comment

by:Shamil Mohamed
ID: 39831694
where i need to Integrated web filtering feature?
0
 

Expert Comment

by:nitintembhare
ID: 39831713
The Integrated web filtering feature has to be subscribed from juniper.........
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 68

Expert Comment

by:Qlemo
ID: 39831809
The only other way is to block traffic to all facebook site IPs. The reported ones are
  65.201.208.24/29
  65.204.104.128/28
  66.93.78.176/29
  66.199.37.136/29
  66.220.144.0/20
  67.200.105.48/30
  69.63.176.0/20
  66.92.180.48/28
  69.171.224.0/19
  73.252.64.0/18
  74.119.76.0/22
  204.15.20.0/22
or, in short, hellofalot. You can create a "Reject" policy for HTTP and HTTPS to those adress blocks - or, more smart, fake DNS entries for facebook in your local DNS server. Faking is done by creating
   www.facebook.com
   facebook.com
   login.facebook.com
all with IP 127.0.0.1 (own machine).
0
 

Author Comment

by:Shamil Mohamed
ID: 39845068
Mr Qlemo,

thanks alot for your idea.. But can u please help me how to

"Faking is done by creating
   www.facebook.com
   facebook.com
   login.facebook.com
all with IP 127.0.0.1 (own machine). "

Please..

Thank you
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39845163
If you have an own DNS server running, you'll need to create host entries (type "A") there. Open the DNS Manager, go to "Forward Lookup Zones", create a folder "facebook.com", and create the entries "login", "www" and an empty one, all with 127.0.0.1 as IP.

If you don't use a DNS server, you'll have to open %WinDir%\system32\drivers\etc\hosts, and insert
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   login.facebook.com
there - on each client. This is, of course, unreliable, as everybody is able to remove those entries again if not specially protected.
0
 

Author Comment

by:Shamil Mohamed
ID: 39846300
this actually works bro...

thank you..
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now