vSRX
Highlighted
vSRX

Blocking Youtube, Facebook etc.

[ Edited ]
‎10-04-2019 03:39 AM

Hi guys,

 

I have a problem with vSRX. i tried so many things for that, i almost search every source(google, youtube, j-net, techlibrary etc.) but cant solve anything Smiley Sad

 

i tried web filtering, enhanced filtering but i cant block any web sites on my vSRX. i found a license which is 30 day trial license from juniper.net

 

how can i do that, please help me Smiley Sad(

6 REPLIES 6
Highlighted
vSRX

Re: Blocking Youtube, Facebook etc.

‎10-04-2019 08:03 AM

Hello ajann92,

 

You need to use enhance web filtering which support blocking of websites on HTTPS based but along with that you need to have default pki loaded on the box and ensure that the local certificate is exported to web browser. Please find the below kb details.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB31122

 

There is another way to block via application-firewall but you need appropriate IDP license.Here is the config snippet.

 

show security application-firewall
rule-sets AppFW {
rule BLOCK_YOUTUBE-STREAMING {
match {
dynamic-application [ junos:YOUTUBE-STREAM junos:UNSPECIFIED-ENCRYPTED ];
dynamic-application-group junos:multimedia:web-based;
}
then {
deny;
}
}
default-rule {
permit;
}
}  

Highlighted
vSRX

Re: Blocking Youtube, Facebook etc.

‎10-10-2019 06:39 AM

It isnt work

 

i tried this before by the way

Highlighted
vSRX

Re: Blocking Youtube, Facebook etc.

[ Edited ]
‎10-10-2019 08:51 AM

Hello,

If everything else fails, You can use my post from 2011 for more ideas to try

https://forums.juniper.net/t5/SRX-Services-Gateway/How-can-I-block-HTTPS-website-on-juniper-srx-100/...

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
vSRX

Re: Blocking Youtube, Facebook etc.

‎10-11-2019 01:35 AM

first of all, thanks for replies

 

But it isnt still working, i twrote your idp solution for idp to cli, there was no failed, but when i tried to go to youtube, it was all pass Smiley Very Happy

 

at, j-web, conf. cant commit and it said that destination and host prefixes cant be same but it isnt

 

there is anyone can solve this problem Smiley Very Happy

 

by the way, i tried to open a case to service request but it wants to me to 14 character code, but my vsrxs has 12 character code

Highlighted
vSRX

Re: Blocking Youtube, Facebook etc.

‎10-13-2019 06:28 AM

Hello,

 


@ajann92 wrote:

 

But it isnt still working, i twrote your idp solution for idp to cli, there was no failed, but when i tried to go to youtube, it was all pass Smiley Very Happy

 

 

A dumb question but do You have  license(s) installed?

If not then please follow this KB to get a trial license

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16675&actp=METADATA

 

Trial licenses are available and valid for 4 weeks; you can only fetch a trial license once per year for each device serial number. 
Use the command:
request system license update trial

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
vSRX

Re: Blocking Youtube, Facebook etc.

‎10-14-2019 01:39 AM


Capture.JPGthese are my licenses