Can I block 1500 unique IPs without overloading ISG2000 ?

bimbayo · ‎04-02-2012

Hello.....

We utilize a pair of M120 Routers as Internet Gateways and behind them is a pair of ISG2000 Firewalls.

As a mobile network, we frequently have up to half a million active sessions.

We have received a Security Bullentin indicating some DoS attacks and advising us to block about 1000 unique IP addresses [non-contiguous].

We have two options : Firewall Filters on the M120 or add them in the black list of the ISG2000 FIrewalls.

My question is; which is a safer option, and do you have any experience with blocking such a large set of IPs.

Are these some options that are even better? And is there a shortcut to adding 1000 IPs [maybe uploading a file instead of adding one by one]

Thanks

Bayo

nikolay.semov · ‎03-15-2012

Latter part: transfer to Excel in a column, add CLI commands in other columns, use CONCATENATE to compose whole commands, drag, then save in CSV to "flatten out" the formula, then back in Excel to isolate just column with whole command, then save as TXT. Finally, chop down to edible pieces and serve to device on CLI.

Also, not sure about the ISG, but I do remember seeing something cautionary mentioned in the JUNOS release notes regarding large firewall filters.

ed_gpc · ‎09-21-2010

ISG2k will not have a problem with this. It's not a firewall filter here, it's a security policy.

Can I block 1500 unique IPs without overloading ISG2000 ?

Re: Can I block 1500 unique IPs without overloading ISG2000 ?

Re: Can I block 1500 unique IPs without overloading ISG2000 ?