Action Plan:
To block “http://www.face.com” for users/subnet using Juniper web-filtering and IDP configuration
Web filtering configuration:
#set security utm custom-objects url-pattern facebook value “http://www.facebook.com”
#set security utm custom-objects custom-url-category facebook value facebook
#set security utm feature-profile web-filtering url-blacklist custom-deny
#set security utm feature-profile web-filtering type juniper-local
#set security utm feature-profile web-filtering juniper-local profile local-engine default permit
#set security utm utm-policy webfiltering web-filtering http-profile local-engine For blocking https
IDP configuration:
[edit security idp]
# set custom-attack youtube_block recommended-action close-client
# set custom-attack youtube_block severity major;
# set custom-attack youtube_block attack-type signature context ssl-cert-common-name
# set custom-attack youtube_block attack-type signature pattern “.*facebook\.com.*”
# set custom-attack youtube_block attack-type signature direction server-to-client
#set custom-attack youtube_client_block recommended-action close-client
# set custom-attack youtube_client_block severity majo
# set custom-attack youtube_client_block attack-type signature context ssl-client-hello
# set custom-attack youtube_client_block attack-type signature pattern “.*facebook\.com.*”
# set custom-attack youtube_client_block attack-type signature direction client-to-server
#set custom-attack-group yout_blck group-members [ facebook_client_block facebook_block ]
#set idp-policy youtube_blck_policy rulebase-ips rule 1 match from-zone
trust to-zone untrust application junos-https attacks
custom-attack-groups yout_blck
#set idp-policy youtube_blck_policy rulebase-ips rule 1 then action recommended
#set idp-policy youtube_blck_policy rulebase-ips rule 1 then notification log-attacks severity major
No comments:
Post a Comment