Jump to content
Калькуляторы

Juniper SRX-100 Веб-фильтрация

Подскажите, пожалуйста, как заблокировать определенные https-страницы (facebook, youtube, vk и т.д) на данном оборудовании ?

Share this post


Link to post
Share on other sites

Https вероятно не получится. Блокируйте подсети

Share this post


Link to post
Share on other sites

Скачал триал лицензии (срок действия 30 дней):

 

root@jpsrx100> show system license 
License usage: 
                                Licenses     Licenses    Licenses    Expiry
 Feature name                       used    installed      needed 
 av_key_kaspersky_engine               0            1           0    2014-12-31 00:00:00 GMT
 anti_spam_key_sbl                     0            1           0    2014-12-31 00:00:00 GMT
 wf_key_surfcontrol_cpa                1            1           0    2014-12-31 00:00:00 GMT
 idp-sig                               0            1           0    2014-12-31 00:00:00 GMT
 dynamic-vpn                           0            2           0    permanent
 ax411-wlan-ap                         0            2           0    permanent
 appid-sig                             0            1           0    2014-12-31 00:00:00 GMT
 av_key_sophos_engine                  0            1           0    2014-12-31 00:00:00 GMT
 wf_key_websense_ewf                   0            1           0    2014-12-31 00:00:00 GMT

 

 

Обновил и установил последний application package.

 

 

Далее создал свой AppFW Policy. Добавил в него Application signatures (youtube, facebook, vk и т.д):

 

security {
   application-firewall {
       rule-sets my-fw {
           rule my-fw {
               match {
                   dynamic-application [ junos:VK-POST junos:VK-UPLOAD junos:VKONTAKTE junos:FACEBOOK-YOUTUBEBOX junos:FACEBOOK-YOUTUBEVIDEOBOX junos:YOUTUBE junos:YOUTUBE-COMMENT junos:YOUTUBE-STREAM ];
                   dynamic-application-group [ junos:social-networking junos:social-networking:applications junos:social-networking:business junos:web:social-networking junos:web:social-networking:applications junos:web:social-networking:business junos:web:social-networking:facebook junos:web:social-networking:linkedin junos:web:social-networking:myspace junos:multimedia:video-streaming junos:web:multimedia:web-based junos:web:multimedia:audio-streaming junos:web:multimedia:video-streaming junos:web:multimedia:adult junos:web:multimedia ];
               }                       
               then {                  
                   deny;               
               }                       
           }                           
           default-rule {              
               permit;                 
           }                           
       }                               
   }

 

 

В итоге, facebook по https`y не октрывается - то, что надо! Однако, youtube и контакт всё равно продолжают открываться.

В чем проблема, кто знает?

Share this post


Link to post
Share on other sites

Вот такой конструкт висит на "полисере", привязанного к халявному сиду wifi. Работает. Кстати какой версии софт?

Рекомендую перебраться на 12.1X47-D15.4 (хоть он и не рекамендованный) зато плюшки в виде авторизации пользователей из AD и AppFW 2.0

Дома стоит такой софт, вроде особых неудобств не испытываю. Заметил кое-какие проблемы с переконфигурированием vlan'ов но не кретично. VPN работает, ospf работает. Для дома достаточно.

 

set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:APPLE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:VKONTAKTE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:FACEBOOK-ACCESS
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:ODNOKLASSNIKI
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:TWITTER
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network match dynamic-application junos:MYSPACE
set security application-firewall rule-sets Trust-App-Firewall rule Social-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:9GAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:ADDICTINGGAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:AGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:AIAIGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:ARMOR-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:ARMORGAMES-PLAY
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:BAIDU-HI-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:FLASHGAMES247
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMEBASE-TW
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMECENTER
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMECENTER-SSL
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMER-TW
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMERDNA
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMES-CO
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESDOTCOM
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESMOMO
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:GAMESTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:HANGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:HINET-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:I-GAMER
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:KAROSGAME
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:LINE-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:MAIL-RU-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:MYSPACE-MINDJOLTGAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:MYSPACE-YOO-MEE-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:PCGAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:POPCAP-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:POPCAP-GAMES-PLAY
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:QQGAMES-2-TCP
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:QQGAMES-HTTP
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:YAHOO-GAMES
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-FRIENDS
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-STORE
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-STORE-LOGIN
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application junos:STEAM-USER-AGENT
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming:protocols
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network match dynamic-application-group junos:gaming:web-based
set security application-firewall rule-sets Trust-App-Firewall rule Gaming-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITTORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITTORRENT-APPLICATION
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITTORRENT-WEB-CLIENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:BITVAULTTORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:CENTRAL-TORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:ENERGY-TORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:EXTRATORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:FREETORRENT
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:GAMESTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:KICKASSTORRENTS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TOR
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENT411
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTDOWNLOADS
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTHOUND
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTINO-RU
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTLEECH
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTREACTOR
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application junos:TORRENTZ
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:p2p
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:p2p:file-sharing
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:web:p2p:file-sharing
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:web:proxy
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network match dynamic-application-group junos:web:p2p
set security application-firewall rule-sets Trust-App-Firewall rule PTP-Network then deny
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application junos:ALIBABA
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application junos:ALIBABA-MOBILE-USER-AGENT
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application junos:ALIEXPRESS
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network match dynamic-application-group junos:web:shopping
set security application-firewall rule-sets Trust-App-Firewall rule Shoping-Network then deny
set security application-firewall rule-sets Trust-App-Firewall default-rule permit

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this