SRX Services Gateway
Dan_Wells

How To: block executables but allow Windows Update

Here is what I want to create a recipe for:

I want to block the download of executable files by everyone but a select few, without blocking Microsoft / Windows Update.

Here is what I think should be happening. I am guessing I need to set up a policy that allows unfettered access to "Microsoft Update" and "Windows Update". Let me do the textual equivalent of thinking out loud.

I create a UTM Custom Objects File Extension list for executables.

I create a Content Filtering profile that identifies the list as the allowed list.

I create a different Content Filtering profile that identifies the list as the list to block.

I create a UTM policy that identifies this Content Filtering Profile allowing access to Windows updates.

I create a Security policy that ties the UTM policy to going to the Microsoft Updates sites.

I create a Security policy that ties the blocking content and position it after the one allowing the Windows update access.

Is that about right?  I may have some questions about the mechanics when I get into it.
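
The plan in the post above, written out as Junos `set` commands. This is an added example, not part of the original post and not a Juniper reference configuration; every object name, the zone names `trust`/`untrust`, the hostname and the host address are assumed placeholders, and it leaves the Windows Update rule without a UTM policy rather than using a separate allow profile.

```junos
# Added example. All names and values below are assumptions, not taken from the post.

# 1. Custom object: file extensions treated as executables (constructed list)
set security utm custom-objects filename-extension exe-list value [ exe com msi scr ]

# 2. Content-filtering profile that blocks downloads matching that list
set security utm feature-profile content-filtering profile cf-block-exe block-extension exe-list

# 3. UTM policy that applies the blocking profile to HTTP traffic
set security utm utm-policy block-exe content-filtering http-profile cf-block-exe

# 4. Address book entries.
#    update.example.com is a placeholder; substitute the update hosts you have verified.
#    192.0.2.10 is a placeholder for one of the "select few" exempt workstations.
set security zones security-zone untrust address-book address wu-1 dns-name update.example.com
set security zones security-zone untrust address-book address-set WU-HOSTS address wu-1
set security zones security-zone trust address-book address exempt-1 192.0.2.10/32
set security zones security-zone trust address-book address-set EXEMPT-HOSTS address exempt-1

# 5a. Traffic to the update hosts: permitted with no UTM policy, so nothing is filtered
set security policies from-zone trust to-zone untrust policy allow-wu match source-address any
set security policies from-zone trust to-zone untrust policy allow-wu match destination-address WU-HOSTS
set security policies from-zone trust to-zone untrust policy allow-wu match application junos-http
set security policies from-zone trust to-zone untrust policy allow-wu then permit

# 5b. Exempt users: permitted with no UTM policy
set security policies from-zone trust to-zone untrust policy allow-exempt match source-address EXEMPT-HOSTS
set security policies from-zone trust to-zone untrust policy allow-exempt match destination-address any
set security policies from-zone trust to-zone untrust policy allow-exempt match application junos-http
set security policies from-zone trust to-zone untrust policy allow-exempt then permit

# 5c. Everyone else: permitted, but with the executable-blocking UTM policy attached
set security policies from-zone trust to-zone untrust policy web-block-exe match source-address any
set security policies from-zone trust to-zone untrust policy web-block-exe match destination-address any
set security policies from-zone trust to-zone untrust policy web-block-exe match application junos-http
set security policies from-zone trust to-zone untrust policy web-block-exe then permit application-services utm-policy block-exe

# 6. Policies are evaluated top-down, first match wins: the two unfiltered rules
#    must sit above the blocking rule, as the post describes.
insert security policies from-zone trust to-zone untrust policy allow-wu before policy web-block-exe
insert security policies from-zone trust to-zone untrust policy allow-exempt before policy web-block-exe
```

After committing, `show security policies from-zone trust to-zone untrust` lists the policies in evaluation order, which is the quickest check that the blocking rule ended up last.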
