Screen OS

Hi Guys,

We are trying to block this malicious website (http://www.dgnfd564sdf.com). How can we block it on our SSG5 running on 6.3.0r16.0? Ive tried to follow these KB articles but the options are different on our firewall.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB6472

http://kb.juniper.net/InfoCenter/index?page=content&id=KB4320&actp=search&searchid=1257352451585

Thank You,

Arnel

The first article kb6472 should be the one that applies to your version of ScreenOS 6.3.

Which steps are you having difficulty with?

Hi Steve,

Im stuck in step 2. I cant find Objects > Addresses > List in our firewall's web interface. Where can I find it instead?

Thank You,

Arnel

I see now, yes that path is incorrect:

Policies--Policy Elements--Addresses

List

Hi Steve,

Thank you very much and apologies for my late response. I was able to pass step 2 but im stuck again in step 7. Where can I find Objects > Addresses > Group? Is it Objects > Usesr > Local Groups? Im just not sure because there is Local and External Groups as well (see attached). Please advise.

Thanks again,

Arnel

Never mind Steve. I think I found it. Its under Policies--Policy Elements--Addresses --Groups. Anyway, I have another question. If we block http://www.dgnfd564sdf.com , will it cover the other URLs in the attached screenshot? Please advise.

Thank You,

Arnel

Yes, all those examples will be blocked.

When you create an address object based on a DNS name you just enter the portion between the // and the first / in this case:

www.dgnfd564.com

ScreenOS converts these on the fly to the ip addresses in DNS and blocks or permits any attempt on those addresses.

Thanks a lot Steve! 🙂