Posted

I downloaded trial licenses (valid for 30 days):

 

root@jpsrx100> show system license 
License usage: 
                                Licenses     Licenses    Licenses    Expiry
 Feature name                       used    installed      needed 
 av_key_kaspersky_engine               0            1           0    2014-12-31 00:00:00 GMT
 anti_spam_key_sbl                     0            1           0    2014-12-31 00:00:00 GMT
 wf_key_surfcontrol_cpa                1            1           0    2014-12-31 00:00:00 GMT
 idp-sig                               0            1           0    2014-12-31 00:00:00 GMT
 dynamic-vpn                           0            2           0    permanent
 ax411-wlan-ap                         0            2           0    permanent
 appid-sig                             0            1           0    2014-12-31 00:00:00 GMT
 av_key_sophos_engine                  0            1           0    2014-12-31 00:00:00 GMT
 wf_key_websense_ewf                   0            1           0    2014-12-31 00:00:00 GMT

 

 

I updated and installed the latest application package.

Then I created my own AppFW policy and added application signatures to it (youtube, facebook, vk, etc.):

 

security {
   application-firewall {
       rule-sets my-fw {
           rule my-fw {
               match {
                   dynamic-application [ junos:VK-POST junos:VK-UPLOAD junos:VKONTAKTE junos:FACEBOOK-YOUTUBEBOX junos:FACEBOOK-YOUTUBEVIDEOBOX junos:YOUTUBE junos:YOUTUBE-COMMENT junos:YOUTUBE-STREAM ];
                   dynamic-application-group [ junos:social-networking junos:social-networking:applications junos:social-networking:business junos:web:social-networking junos:web:social-networking:applications junos:web:social-networking:business junos:web:social-networking:facebook junos:web:social-networking:linkedin junos:web:social-networking:myspace junos:multimedia:video-streaming junos:web:multimedia:web-based junos:web:multimedia:audio-streaming junos:web:multimedia:video-streaming junos:web:multimedia:adult junos:web:multimedia ];
               }                       
               then {                  
                   deny;               
               }                       
           }                           
           default-rule {              
               permit;                 
           }                           
       }                               
   }
}

 

 

As a result, facebook does not open over https, which is exactly what I need! However, youtube and VKontakte still keep opening.

What is the problem, does anyone know?

Posted

This is the construct I have hanging on the "policer" tied to the free Wi-Fi SSID. It works. By the way, which software version are you running?

I recommend moving to 12.1X47-D15.4 (even though it is not the recommended release); in return you get goodies such as user authentication from AD and AppFW 2.0.

I run this software at home and have not really run into any inconvenience. I noticed some problems with reconfiguring VLANs, but nothing critical. VPN works, OSPF works. It is enough for home use.

 

set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:APPLE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:VKONTAKTE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:FACEBOOK-ACCESS
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:ODNOKLASSNIKI
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:TWITTER
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:MYSPACE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:9GAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:ADDICTINGGAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:AGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:AIAIGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:ARMOR-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:ARMORGAMES-PLAY
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:BAIDU-HI-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:FLASHGAMES247
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMEBASE-TW
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMECENTER
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMECENTER-SSL
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMER-TW
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMERDNA
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMES-CO
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESDOTCOM
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESMOMO
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:HANGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:HINET-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:I-GAMER
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:KAROSGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:LINE-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:MAIL-RU-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:MYSPACE-MINDJOLTGAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:MYSPACE-YOO-MEE-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:PCGAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:POPCAP-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:POPCAP-GAMES-PLAY
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:QQGAMES-2-TCP
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:QQGAMES-HTTP
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:YAHOO-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-FRIENDS
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-STORE
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-STORE-LOGIN
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-USER-AGENT
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming:protocols
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming:web-based
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITTORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITTORRENT-APPLICATION
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITTORRENT-WEB-CLIENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITVAULTTORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:CENTRAL-TORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:ENERGY-TORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:EXTRATORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:FREETORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:GAMESTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:KICKASSTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TOR
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENT411
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTDOWNLOADS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTHOUND
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTINO-RU
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTLEECH
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTREACTOR
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTZ
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:p2p
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:p2p:file-sharing
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:web:p2p:file-sharing
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:web:proxy
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:web:p2p
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application junos:ALIBABA
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application junos:ALIBABA-MOBILE-USER-AGENT
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application junos:ALIEXPRESS
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application-group junos:web:shopping
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network then deny
set security application-firewall rule-sets Trust-App-Firewall default-rule permit
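
A small auditor for `set`-style AppFW rule-sets like the one posted above, added here as an illustration (it is not code from either poster or from Juniper): it reports which rule decides a given dynamic application and which applications are listed in more than one rule. It assumes rules are evaluated in configured order with the first match deciding; group membership has to be passed in by the caller because the signature database is not on this page, and `junos:EXAMPLE-GAME` in the usage is a made-up name.

```python
import re

# Constructed sample: a shortened subset of the rule-set posted above.
SAMPLE = """\
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:VKONTAKTE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:GAMESTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network then deny
set security application-firewall rule-sets Trust-App-Firewall default-rule permit
"""

LINE = re.compile(r"^\s*set security application-firewall rule-sets (\S+) (.+)$", re.M)
KINDS = {"dynamic-application": "apps", "dynamic-application-group": "groups"}

def parse(text):
    """Return {rule_set: {"rules": {name: rule}, "default": action}}, rules in config order."""
    sets = {}
    for m in LINE.finditer(text):
        rs = sets.setdefault(m.group(1), {"rules": {}, "default": None})
        words = m.group(2).split()
        if words[0] == "default-rule" and len(words) == 2:
            rs["default"] = words[1]
        elif words[0] == "rule" and len(words) >= 4:
            rule = rs["rules"].setdefault(words[1], {"apps": set(), "groups": set(), "action": None})
            if words[2] == "then":
                rule["action"] = words[3]
            elif words[2] == "match" and len(words) == 5 and words[3] in KINDS:
                rule[KINDS[words[3]]].add(words[4])
    return sets

def verdict(rs, app, groups=()):
    """Assumed semantics: first matching rule in order decides, else the default-rule."""
    for name, rule in rs["rules"].items():
        if app in rule["apps"] or rule["groups"] & set(groups):
            return name, rule["action"]
    return "default-rule", rs["default"]

def duplicates(rs):
    """(app, first_rule, later_rule) for applications listed in more than one rule."""
    seen, dups = {}, []
    for name, rule in rs["rules"].items():
        for app in sorted(rule["apps"]):
            if app in seen:
                dups.append((app, seen[app], name))
            seen.setdefault(app, name)
    return dups
```

On the sample, `verdict(rs, "junos:YOUTUBE")` falls through to the `default-rule`, and `duplicates(rs)` flags `junos:GAMESTORRENTS`, which the posted rule-set lists under both `Gaming-Network` and `PTP-Network`.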
