Hello all,
I have ISG-1000, SSG-140.
Using the SSG-140, I'd like to block HTTPS URLs such as Facebook, Google and so on.
But, unlike the HTTP URLs, the HTTPS URLs were not blocked at all.
So, I searched for this issue and found two things.
The first is,
http://forums.juniper.net/t5/SRX-Services-Gateway/How-can-I-block-HTTPS-website-on-juniper-srx-100/m-p/106530
At that URL, the following advice appeared:
1/ DNS doctoring (make your SRX return 127.0.0.1 for *.facebook.com) - SRX must be inline for DNS requests-replies
This will block HTTP and HTTPS access to Facebook but I guess you don't need HTTP access to Facebook either?
2/ write an IDP policy which matches on SSL Client Hello extension "server_name" and sends a TCP RST if this extension contains "*.facebook.com"
3/ most crude method - write a prefix-list which contains Facebook prefixes (below is from whois query I executed few mins ago)
Actually, I don't understand methods 1 and 2 correctly.
I am especially wondering about what number 2 proposes.
SSG-140 does not support IDP, but ISG-1000 does support IDP.
So using the ISG-1000, can I block HTTPS URLs?
The second is,
The method I should use is the Websense application.
As I searched, Websense is a software company, right?
So, should I buy a Websense application...?
Experts, please contact me.
Thanks.