06-11-2009 09:11 PM
I reviewed other 2 security products that have App-ID for application firewall, thats mean near 840 applications as: Public proxies (e.g., Hopster, Kproxy), Private proxies (e.g., CGIproxy ),Tunneling or circumvention applications (e.g., UltraSurf, TOR),Slingbox .
Is it possible with SRX 650 to recognize the applications as Ultrasurf,Tor or Proxies as Hopster or Tunneling as IP over DNS ,directly without to decode the protocol or to write a IDS/IPS rule?
I had read the SRX documentation and didnt find information about it.
Thanks in advance your help
03-30-2011 09:32 PM
I have log case to JTAC and for SRX they didn't have any features yet to block it but I got news from them saying that the IDP team is around the clock to create a signature to block it but they said it going to take a long time.
As for know, I used normal shell script with iptables to block TOR traffic but it will need quite a high end server to do it.
Please refer to this website for more info.
JNCIA-JUNOS JNSS JNSA
03-31-2011 06:44 AM
Enterprise firewalls (SRX100 ~ SRX650) don't have L7 fw fetarue yet, I think that's will be possible on 2H'2011.
Today only datacenter firewalls (SRX1400 ~ SRX5800) have this.