[j-nsp] SSG5: Blocking domains w/o WF feature license?
Sven Juergensen (KielNET)
s.juergensen at kielnet.de
Wed Jan 14 05:27:32 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi list,
is it possible to define a mechanism that
prohibits access to domains? Mal-URL
apparently is considered out of date and
possibly deprecated (doesn't work for me
anyway) and doing something like
set address "Untrust" "block" www.google.de
plus putting a policy like
set policy id 2 from "Trust" to "Untrust" "Any" "block" "ANY" deny
on top of the list does exactly squat,
I can still ping/browse etc to the
Empire. Yes, the DNS-Servers are con-
figured and setting the domain-based
address was successfully looked up.
Now, what am I doing wrong?
Thanks for clueing me in.
Best regards,
Mit freundlichen Gruessen,
i. A. Sven Juergensen
- --
Fachbereich Netze/Projekte
KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel
Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail : s.juergensen at kielnet.de
Internet: http://www.kielnet.de
Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)
PGP at
http://pgp.kielnet.de/sjuergensen/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkltvhMACgkQnEU7erAt4TKMZACcDGeBNwXzVZ9I9YDvtJvCGpHu
VrQAniDd8bMPNb4nOP5NTcHcBqxlMntN
=Btsx
-----END PGP SIGNATURE-----
More information about the juniper-nsp
mailing list