TXT

how to block facebook via juniper srx

By Thomas Henry,2014-10-12 17:56
17 views 0
how to block facebook via juniper srx

root@srx210h-poe> show configuration security idp custom-attack fb-https

    recommended-action close-client; severity major;

    attack-type {

     signature {

     context ssl-client-hello;

     pattern ".*facebook\.com.*";

     direction client-to-server;

     }

    }

root@srx210h-poe> show configuration security policies from-zone trust to-zone

    untrust

    policy fb-https-block {

     match {

     source-address any;

     destination-address any;

     application junos-https;

     }

     then {

     permit {

     application-services {

     idp;

     }

     }

     log {

     session-close;

     }

     }

    }

    policy default-permit {

     match {

     source-address any;

     destination-address any;

     application any;

     }

     then {

     permit;

     }

    }

================================================================================

    ==================================

[edit security idp]

    root@srx210h-poe# show custom-attack fb-https-server

    recommended-action close-client; severity major;

    attack-type {

     signature {

     context ssl-cert-common-name;

     pattern ".*facebook\.com.*";

     direction server-to-client;

     }

    }

[edit security idp]

    root@srx210h-poe# show custom-attack fb-https-client

    recommended-action close-client; severity major;

    attack-type {

     signature {

     context ssl-client-hello;

     pattern ".*facebook\.com.*";

     direction client-to-server;

     }

    }

[edit security idp]

    root@srx210h-poe# show custom-attack-group facebook-https-block

    group-members [ fb-https-server fb-https-client ];

root@srx210h-poe# show idp-policy fb-https-drop

    rulebase-ips {

     rule 1 {

     match {

     from-zone trust;

     to-zone untrust;

     application junos-https;

     attacks {

     custom-attack-groups facebook-https-block;

     }

     }

     then {

     action {

     recommended;

     }

     notification {

     log-attacks;

     }

     severity major;

     }

     }

    }

Report this document

For any questions or suggestions please email
cust-service@docsford.com