[j-nsp] SRX AppFW issue
Yuriy B. Borysov
yokodzun at yokodzun.kiev.ua
Wed Oct 22 07:13:02 EDT 2014
Hello!
I have configured application-firewall on SRX220H (12.1X45-D15.5).
Configuration is below:
security application-firewall
rule-sets common-customers {
    rule soc-net {
        match {
            dynamic-application-group [ junos:social-networking junos:web:social-networking ];
        }
        then {
            deny;
        }
    }
    rule bt-block {
        match {
            dynamic-application-group [ junos:p2p junos:p2p:file-sharing junos:web:p2p junos:web:p2p:file-sharing ];
        }
        then {
            deny;
        }
    }
    rule unknow-staff {
        match {
            dynamic-application junos:UNSPECIFIED-ENCRYPTED;
        }
        then {
            deny;
        }
    }
    default-rule {
        permit;
    }
}
security policies from-zone trust to-zone untrust
policy trust-to-untrust {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit {
            application-services {
                application-firewall {
                    rule-set common-customers;
                }
            }
        }
    }
}
All necessary licenses and signatures are installed.
But when I go to facebook.com or vk.com, the pages open,
and the counters on the rule "soc-net" show 0:
# run show security application-firewall rule-set all
Rule-set: common-customers
  Rule: soc-net
    Dynamic Application Groups: junos:social-networking, junos:web:social-networking
    Action:deny
    Number of sessions matched: 0
    Number of sessions redirected: 0
  Rule: bt-block
    Dynamic Application Groups: junos:p2p, junos:p2p:file-sharing, junos:web:p2p, junos:web:p2p:file-sharing
    Action:deny
    Number of sessions matched: 95863
    Number of sessions redirected: 0
  Rule: unknow-staff
    Dynamic Applications: junos:UNSPECIFIED-ENCRYPTED
    Action:deny
    Number of sessions matched: 19296
    Number of sessions redirected: 0
  Default rule:permit
    Number of sessions matched: 172311
    Number of sessions redirected: 0
  Number of sessions with appid pending: 241
Where am I wrong?
Thanks!
--
WBR, Yuriy B. Borysov
YOKO-UANIC | YOKO-RIPE
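An added example, not part of the original post and not Juniper code: a small Python parser for the `show security application-firewall rule-set all` output quoted above. It turns the per-rule counters into a structure, lists rules that never matched a session, and reports what share of sessions fell through to the default rule and how many were still pending AppID. The embedded sample is the poster's own counter output, pasted inline so the script runs offline; the function names are this example's own.

```python
"""Parse SRX `show security application-firewall rule-set all` output
and flag rules with zero matched sessions.

Added example; not code from the original post or from Juniper.
"""

# Constructed sample: the counter output quoted in the post above.
SAMPLE = """\
Rule-set: common-customers
  Rule: soc-net
    Dynamic Application Groups: junos:social-networking, junos:web:social-networking
    Action:deny
    Number of sessions matched: 0
    Number of sessions redirected: 0
  Rule: bt-block
    Dynamic Application Groups: junos:p2p, junos:p2p:file-sharing, junos:web:p2p, junos:web:p2p:file-sharing
    Action:deny
    Number of sessions matched: 95863
    Number of sessions redirected: 0
  Rule: unknow-staff
    Dynamic Applications: junos:UNSPECIFIED-ENCRYPTED
    Action:deny
    Number of sessions matched: 19296
    Number of sessions redirected: 0
  Default rule:permit
    Number of sessions matched: 172311
    Number of sessions redirected: 0
  Number of sessions with appid pending: 241
"""


def _new_rule(name, action=None):
    return {"name": name, "match": [], "action": action, "matched": 0, "redirected": 0}


def parse_rulesets(text):
    """Return {ruleset_name: {"rules": [...], "default": rule, "appid_pending": int}}.

    Every rule dict carries the dynamic applications/groups it matches on,
    its action, and the matched/redirected session counters.
    """
    rulesets = {}
    current = None
    rule = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Rule-set:"):
            current = {"rules": [], "default": None, "appid_pending": 0}
            rulesets[line.split(":", 1)[1].strip()] = current
        elif line.startswith("Rule:"):
            rule = _new_rule(line.split(":", 1)[1].strip())
            current["rules"].append(rule)
        elif line.startswith("Default rule:"):
            rule = _new_rule("default", line.split(":", 1)[1].strip())
            current["default"] = rule
        elif line.startswith("Dynamic Application"):
            # Covers both "Dynamic Applications:" and "Dynamic Application Groups:".
            # Split on the first ':' only; the junos:... names contain colons too.
            rule["match"] = [a.strip() for a in line.split(":", 1)[1].split(",")]
        elif line.startswith("Action:"):
            rule["action"] = line.split(":", 1)[1].strip()
        elif line.startswith("Number of sessions matched:"):
            rule["matched"] = int(line.rsplit(":", 1)[1])
        elif line.startswith("Number of sessions redirected:"):
            rule["redirected"] = int(line.rsplit(":", 1)[1])
        elif line.startswith("Number of sessions with appid pending:"):
            current["appid_pending"] = int(line.rsplit(":", 1)[1])
    return rulesets


def audit(rulesets):
    """Per rule-set: total sessions, rules that never matched, share of
    sessions that reached the default rule, and sessions still pending AppID."""
    report = {}
    for name, rs in rulesets.items():
        total = sum(r["matched"] for r in rs["rules"]) + rs["default"]["matched"]
        report[name] = {
            "total_sessions": total,
            "never_matched": [r["name"] for r in rs["rules"] if r["matched"] == 0],
            "default_share": rs["default"]["matched"] / total if total else 0.0,
            "appid_pending": rs["appid_pending"],
        }
    return report


if __name__ == "__main__":
    for name, info in audit(parse_rulesets(SAMPLE)).items():
        print(f"rule-set {name}: {info['total_sessions']} sessions, "
              f"{info['default_share']:.1%} hit the default rule, "
              f"never matched: {info['never_matched']}, "
              f"appid pending: {info['appid_pending']}")
```

A rule that sits at zero while the default rule carries most of the sessions is the first thing to look for when a rule-set does not behave as expected; the parser only reads the counters, it does not tell you why a given site was not classified into the group the rule matches on.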