Solved

Block IP with Juniper SSG5

Posted on 2014-12-11
3
288 Views
Last Modified: 2014-12-12
I have intermedia as my hosted exchange solution. Intermedia keeps blocking my public IP because they said that my network is trying to connect to their server via RDP protocol.

I logged in to SSG5 to see if i could find anything and the only suspicious thing I saw was. untrust-local... to trust (any > any). I deleted it.

I only have one user who logins to a computer remotely via RDP.  I don't know how to scan the network to see which computer is sending mass traffic to their servers. I installed wireshark but I don't really know how to use it.

any suggestions?

BTW, I scanned all computers and did remove viruses/trojans from a couple, intermedia unblocked it and email worked again, but this is the third time they blocked it.
0
Comment
Question by:Anthony H.
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40495702
To block RDP to a specific public IP address, create a policy Trust to Untrust with adresses Any and that public IP, and RDP as service. Make sure to check the "top" option so the policy is applied before any other policy. Action is Deny.
0
 

Author Comment

by:Anthony H.
ID: 40496622
i also closed from untrust to trust. It should be OK to reopen that right?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40497484
Untrust is Internet. You don't want to block RDP from internet to LAN, do you?  So remove it,  or leaves it alone if it doesn't matter for you. By default all Untrust traffic is blocked unless explicitly allowed.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question