[j-nsp] SSG5: Blocking domains w/o WF feature license?

Sven Juergensen (KielNET) s.juergensen at kielnet.de
Wed Jan 14 05:27:32 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

is it possible to define a mechanism that
prohibits access to domains? Mal-URL
apparently is considered out of date and
possibly deprecated (doesn't work for me
anyway) and doing something like

set address "Untrust" "block" www.google.de


plus putting a policy like

set policy id 2 from "Trust" to "Untrust"  "Any" "block" "ANY" deny


on top of the list does exactly squat,
I can still ping/browse etc to the
Empire. Yes, the DNS-Servers are con-
figured and setting the domain-based
address was successfully looked up.

Now, what am I doing wrong?

Thanks for clueing me in.

Best regards,

Mit freundlichen Gruessen,

i. A. Sven Juergensen

- --
Fachbereich Netze/Projekte

KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel

Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail  : s.juergensen at kielnet.de
Internet: http://www.kielnet.de

Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)

PGP at
http://pgp.kielnet.de/sjuergensen/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkltvhMACgkQnEU7erAt4TKMZACcDGeBNwXzVZ9I9YDvtJvCGpHu
VrQAniDd8bMPNb4nOP5NTcHcBqxlMntN
=Btsx
-----END PGP SIGNATURE-----


More information about the juniper-nsp mailing list