[j-nsp] Enhanced Web Filtering and Websense (Skeeve Stevens)

Sinisa Pesa sinisa.pesa at bluecentral.com
Thu May 1 20:28:09 EDT 2014


Hi Skeeve,

I haven't used this feature, but this is what I would check first.


Looking at the web log provided:

10.x.x.x - - [28/Apr/2014:10:27:32 +1000] "x HTTP/1.1" 304 - "
http://blocked.xxxxx.com/?JNI_URL=www.9to5mac.com/&JNI_REASON=BY_SITE_REPUTATION&JNI_CATEGORY=Enhanced_Information_Technology&JNI_REPUTATION=HARMFUL&JNI_POLICY=POLICY_EWF_STANDARD&JNI_SRCIP=x.x.x.x&JNI_SRCPORT=11742&JNI_DSTIP=x.x.x.x&JNI_DSTPORT=80"
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/34.0.1847.116 Safari/537.36"



What is the IP in DSTIP=x.x.x.x?

The source PC that requested the page might be infected with malware; if the destination IP does not match the DNS record of www.9to5mac.com, that can be a hint.

Also, what is "http://blocked.xxxxx.com/?" in that web log? Is it part of the original request?



Regards,

Sinisa Pesa
Senior Network and Security Specialist
www.bluecentral.com
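
The check suggested above, as an added example that is not part of the original post: it pulls the JNI_* fields out of the block-page URL in the Referer position of a combined-format log line and compares JNI_DSTIP with the addresses DNS returns for the JNI_URL host. The sample line, its addresses and blocked.example.com are constructed, and the function names are illustrative.

```python
import re
import socket
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache combined log format; addresses come from
# documentation ranges and blocked.example.com is a placeholder host.
SAMPLE = (
    '10.0.0.5 - - [28/Apr/2014:10:27:32 +1000] "GET / HTTP/1.1" 304 - '
    '"http://blocked.example.com/?JNI_URL=www.9to5mac.com/'
    '&JNI_REASON=BY_SITE_REPUTATION&JNI_CATEGORY=Enhanced_Information_Technology'
    '&JNI_REPUTATION=HARMFUL&JNI_POLICY=POLICY_EWF_STANDARD'
    '&JNI_SRCIP=10.0.0.5&JNI_SRCPORT=11742'
    '&JNI_DSTIP=198.51.100.7&JNI_DSTPORT=80" "Mozilla/5.0"'
)

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_block_event(line):
    """Return the JNI_* fields carried in the Referer of a log line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    query = urlsplit(m.group("referer").strip()).query
    fields = {k: v[0] for k, v in parse_qs(query).items() if k.startswith("JNI_")}
    return fields or None

def resolve(host):
    """Live IPv4 lookup; swap in a stub when working offline."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}

def check_dstip(fields, resolver=resolve):
    """Compare JNI_DSTIP with the addresses the resolver returns for JNI_URL."""
    host = urlsplit("//" + fields["JNI_URL"]).hostname
    answers = resolver(host)
    return {"host": host, "dstip": fields["JNI_DSTIP"],
            "dns": sorted(answers), "match": fields["JNI_DSTIP"] in answers}

if __name__ == "__main__":
    event = parse_block_event(SAMPLE)
    # Stub resolver with a constructed answer so the demo runs offline.
    print(check_dstip(event, resolver=lambda h: {"192.0.2.10"}))
```

A mismatch is only a hint: a site behind a CDN or round-robin DNS can legitimately return different addresses from one query to the next.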

________________________________________
From: juniper-nsp [juniper-nsp-bounces at puck.nether.net] On Behalf Of juniper-nsp-request at puck.nether.net [juniper-nsp-request at puck.nether.net]
Sent: Friday, 2 May 2014 2:00 AM
To: juniper-nsp at puck.nether.net
Subject: juniper-nsp Digest, Vol 138, Issue 1


Today's Topics:

   1. Re: Junos Dynamic VPN (Tim Dykes)
   2. Re: Rstp or stp (Tim Dykes)
   3. Limitations of MPLS support on EX4200 (Victor Sudakov)
   4. Re: Limitations of MPLS support on EX4200 (Dale Shaw)
   5. Re: Limitations of MPLS support on EX4200 (Jerry Jones)
   6. Re: Limitations of MPLS support on EX4200 (Eric Van Tol)
   7. Enhanced Web Filtering and Websense (Skeeve Stevens)
   8. Re: Enhanced Web Filtering and Websense (Skeeve Stevens)


----------------------------------------------------------------------

Message: 1
Date: Thu, 1 May 2014 14:38:06 +1000
From: Tim Dykes <ttdykes at gmail.com>
To: Ali Sumsam <ali+junipernsp at eintellego.net>
Cc: "<juniper-nsp at puck.nether.net>" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] Junos Dynamic VPN
Message-ID:
        <CAJ=3pYFDk=rGm+wx=JjeLOSCaw0aJg3kuo0aNm9nRhFZ0FzBfg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Dynamic VPN on SRX is a pain in the ass. Doesn't do half of what you would
expect it to do. Go a SA instead.

It's built on IPsec (unlike the MAG, which is SSL VPN)

Pulse from a mobile will work, Pulse on a Mac won't. Here's the official list:

*Junos Pulse*

   - Vista (32-bit and 64-bit)
   - Windows XP (32-bit and 64-bit)
   - Windows 7 (32-bit and 64-bit)
   - Windows 8.0 (32-bit and 64-bit)
   - Windows 8.1 (32-bit and 64-bit)

*Junos Access Manager*

   - Windows XP 32-bit and 64-bit with any service pack
   - Windows Vista 32-bit and 64-bit with any service pack
   - Windows 7 32-bit and 64-bit with any service pack (Junos 10.4 and
   above only)




I don't think you can route from a client through the IPsec session (if that's
what you mean). Once you are in the VPN, public IPs don't mean much and
return routes are hard to install for a dynamic session. I would suggest a
true IPsec (device to device) VPN for that.

Tim Dykes

M: 041 962 0603
E: ttdykes at gmail.com


On Wed, Apr 30, 2014 at 12:50 PM, Ali Sumsam
<ali+junipernsp at eintellego.net> wrote:

> Hi all,
>
> I have a SRX240 cluster and doing VPN to it using Junos pulse client.
>
> My first question is, can we use a mac or windows client to connect this
> VPN rather than the Junos Pulse?
>
> One of the options Junos Pulse shows is the "SRX". What is the protocol
> behind VPN Type "SRX"?
>
> My second question is about the routing through the VPN session. Is it
> possible to run the internet through the VPN. Has someone ever done that?
>
> My rough idea is: if I send a default route to the VPN client and,
> on the client's PC, set a route pointing the SRX's public IP towards
> the main internet connection of the PC.
> This way SRX public IP will be reachable from the client's PC and default
> route will be pointing towards the VPN.
>
> Please comment.
>
> Thanks,
>
> *Ali Sumsam - *eintellego Networks Pty Ltd
> Senior Network Engineer
> ali at eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)450 609 592 ; skype://sumsam.ali80
>
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/alisumsam
>
>
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


------------------------------

Message: 2
Date: Thu, 1 May 2014 14:54:22 +1000
From: Tim Dykes <ttdykes at gmail.com>
To: Rodrigo Augusto <rodrigo at 1telecom.com.br>
Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] Rstp or stp
Message-ID:
        <CAJ=3pYEb-Jgn8vgNO0n9huC8Wws64-6_dU+9ffMry63620g+qQ at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

That doc is correct for the commands to implement rstp on JunOS.

But you really need to read and understand what you are trying to configure
before you just light it up.

Tim Dykes

M: 041 962 0603
E: ttdykes at gmail.com


On Sun, Apr 13, 2014 at 10:27 PM, Rodrigo Augusto
<rodrigo at 1telecom.com.br> wrote:

> Hi folks!!!
> What do I have to do to configure RSTP on my network?!
> I have 6 EX3300 switches in-line and the last switch has another fiber
> route to the first switch.
> In the lab I follow this doc:
>
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/layer-2-services-stp-configuration-rstp.html
> But I don't know if this is the correct form.
>
> I use VLAN tagging on xe interfaces to transport VLANs to our customers
> and if fiber A is opened I want to transport all VLANs to fiber B
>
> Sent via iPhone
> Grupo Connectoway
>


------------------------------

Message: 3
Date: Thu, 1 May 2014 14:15:36 +0700
From: Victor Sudakov <vas at mpeks.tomsk.su>
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Limitations of MPLS support on EX4200
Message-ID: <20140501071536.GA84557 at admin.sibptus.tomsk.ru>
Content-Type: text/plain; charset=us-ascii

Colleagues,

Is MPLS support on EX4200 not complete? It is not a router after all,
it is an L3 switch, so I expect there to be limitations.
Where can I read more about EX4200 MPLS limitations and supported features?

E.g. I cannot find "ldp" under "edit protocols".

I have an Advanced license installed which says:

admin at sw-us-parabel> show system license
License usage:
                                 Licenses     Licenses    Licenses    Expiry
  Feature name                       used    installed      needed
  bgp                                   0            1           0    permanent
  isis                                  0            1           0    permanent
  mpls                                  0            1           0    permanent



--
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru


------------------------------

Message: 4
Date: Thu, 1 May 2014 17:28:51 +1000
From: Dale Shaw <dale.shaw+j-nsp at gmail.com>
To: Victor Sudakov <vas at mpeks.tomsk.su>
Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] Limitations of MPLS support on EX4200
Message-ID:
        <CAG_V284QBppMdwg-Bv3DVHaQS5pTkBLEVUhEZpUsGgBu5hA_KQ at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi Victor,

On Thu, May 1, 2014 at 5:15 PM, Victor Sudakov <vas at mpeks.tomsk.su> wrote:
>
> Is MPLS support on EX4200 not complete? It is not a router after all,
> it is an L3 switch, so I expect there to be limitations.
> Where can I read more about EX4200 MPLS limitations and supported
> features?

This may help; see:

http://www.juniper.net/techpubs/en_US/release-independent/nce/information-products/topic-collections/nce/nce0115-mpls-switching-faq/mpls-switching-frequently-asked-questions.pdf

cheers,
Dale


------------------------------

Message: 5
Date: Thu, 1 May 2014 06:56:35 -0500
From: Jerry Jones <jjones at danrj.com>
To: Victor Sudakov <vas at mpeks.tomsk.su>
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Limitations of MPLS support on EX4200
Message-ID: <BA0DA554-9661-4AB4-811C-C005D3064069 at danrj.com>
Content-Type: text/plain;       charset=us-ascii

My favorite place to go and find out if a feature is available for any platform vs release is the feature explorer. It really does a nice quick job and produces a nice savable output

http://pathfinder.juniper.net/feature-explorer/

On May 1, 2014, at 2:15 AM, Victor Sudakov <vas at mpeks.tomsk.su> wrote:

Colleagues,

Is MPLS support on EX4200 not complete? It is not a router after all,
it is an L3 switch, so I expect there to be limitations.
Where can I read more about EX4200 MPLS limitations and supported features?

E.g. I cannot find "ldp" under "edit protocols".

I have an Advanced license installed which says:

admin at sw-us-parabel> show system license
License usage:
                                Licenses     Licenses    Licenses    Expiry
 Feature name                       used    installed      needed
 bgp                                   0            1           0    permanent
 isis                                  0            1           0    permanent
 mpls                                  0            1           0    permanent



--
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru



------------------------------

Message: 6
Date: Thu, 1 May 2014 09:47:48 -0400
From: Eric Van Tol <eric at atlantech.net>
To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] Limitations of MPLS support on EX4200
Message-ID:
        <2C05E949E19A9146AF7BDF9D44085B8670E0BE7DC6 at exchange.aoihq.local>
Content-Type: text/plain; charset="us-ascii"

> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
> Of Jerry Jones
> Sent: Thursday, May 01, 2014 7:57 AM
> To: Victor Sudakov
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Limitations of MPLS support on EX4200
>
> My favorite place to go and find out if a feature is available for any
> platform vs release is the feature explorer. It really does a nice quick
> job and produces a nice savable output
>
> http://pathfinder.juniper.net/feature-explorer/

Yeah, if only the data it produced was actually correct.  I wasn't aware that the MX80 supported Virtual Chassis, 100-Gigabit Ethernet MICs, MX-MPC2-3D MPCs, and any number of DPCs, but according to Feature Explorer, all these things are supported.

-evt



------------------------------

Message: 7
Date: Fri, 2 May 2014 00:36:25 +1000
From: Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com>
To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: [j-nsp] Enhanced Web Filtering and Websense
Message-ID:
        <CAEUfUGOjrF8sBx6j=iOqbHv+MVS_ukuYpi397eUdS8BtXJUJTg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hey all,

I have a license for Enhanced Web Filtering for a cluster of SRX550's....
but... there is a site being caught 'by reputation' that shouldn't be:
www.9to5mac.com

We seem to have no access to tools on their website or any way to look up a
site and see why the reputation is bad.

Does anyone have any thoughts or know of a way to access the tool... or ?

Thanks all.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


------------------------------

Message: 8
Date: Fri, 2 May 2014 00:46:35 +1000
From: Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com>
To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] Enhanced Web Filtering and Websense
Message-ID:
        <CAEUfUGOF8CRVC39_qUQ=-qu8Q1OGX0USzQ6DFb_eQj1YrMxMrw at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Sorry, here is the web log.

10.x.x.x - - [28/Apr/2014:10:27:32 +1000] "x HTTP/1.1" 304 - "
http://blocked.xxxxx.com/?JNI_URL=www.9to5mac.com/&JNI_REASON=BY_SITE_REPUTATION&JNI_CATEGORY=Enhanced_Information_Technology&JNI_REPUTATION=HARMFUL&JNI_POLICY=POLICY_EWF_STANDARD&JNI_SRCIP=x.x.x.x&JNI_SRCPORT=11742&JNI_DSTIP=x.x.x.x&JNI_DSTPORT=80"
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/34.0.1847.116 Safari/537.36"


...Skeeve


On Fri, May 2, 2014 at 12:36 AM, Skeeve Stevens <
skeeve+junipernsp at eintellegonetworks.com> wrote:

> Hey all,
>
> I have a license for Enhanced Web Filtering for a cluster of SRX550's....
> but... there is a site being caught 'by reputation' that shouldn't be:
> www.9to5mac.com
>
> We seem to have no access to tools on their website or any way to look up a
> site and see why the reputation is bad.
>
> Does anyone have any thoughts or know of a way to access the tool... or
> ?
>
> Thanks all.
>
> ...Skeeve


------------------------------


End of juniper-nsp Digest, Vol 138, Issue 1
*******************************************

