SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
ABC-TECH
Contributor
ABC-TECH
Posts: 19
Registered: ‎05-31-2009
0
Accepted Solution

Time based website restriction on SRX 210

Options

‎09-20-2010 12:11 AM

Dears,

 

Can SRX 210 with WF subscription can restrict some sites based on specific time of day.

also can SRX restrict download sizes above a specific size.

 

How can this be done , or point me to any good Documentation for UTM features for SRX.

 


Aji

Message 1 of 4 (7,002 Views)
 
Reply
Super Contributor
colemtb
Posts: 307
Registered: ‎09-30-2009

Re: Time based website restriction on SRX 210

Options

‎09-20-2010 07:19 AM

You could use a simple scheduler on policy and in your permit statement reference the UTM WF policy.  This would require UTM subscribption, not sure on filesize off the top of my head though.

Message 2 of 4 (6,982 Views)
 
Reply
ABC-TECH
Contributor
ABC-TECH
Posts: 19
Registered: ‎05-31-2009
0

Re: Time based website restriction on SRX 210

Options

‎09-20-2010 11:33 PM

Can you make it more elaborate how to make this work. any document which you can point me to ?

Message 3 of 4 (6,948 Views)
 
Reply
Distinguished Expert
Distinguished Expert
muttbarker
Posts: 1,946
Registered: ‎01-29-2008

Re: Time based website restriction on SRX 210

Options

‎09-21-2010 07:17 AM

It is a two part process - you define schedules and then apply that schedule to a policy. To define a schedule you use the following command:

 

set schedulers scheduler name dayOfWeek start-time stop-time

 

So for example if you want a schedule to be active every day from 8 to 5 you would do:

 

set schedulers schedule allow-web daily start-time 08:00 stop-time 17:00

 

You then create your policy and apply the scheduler to that policy. The policy is then "active" during the scheduled time period.

 

set security policies from-zone trust to zone untrust policy  allow-web-out match source-..........

set security policies from-zone trust to zone untrust policy  allow-web-out match destination-.....

set security policies from-zone trust to zone untrust policy  allow-web-out match application ..........

set security policies from-zone trust to zone untrust policy  allow-web-out then permit

set security policies from-zone trust to zone untrust policy  allow-web-out scheduler name allow-web

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 4 of 4 (6,924 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.