We have zones like below,
trust zone is: GI-INT
Untrust zone is: GI-EXT
These are the firewall policies already configured on trust and untrust:
set security policies from-zone GI-INT to-zone GI-EXT policy test match source-address any
set security policies from-zone GI-INT to-zone GI-EXT policy test match destination-address any
set security policies from-zone GI-INT to-zone GI-EXT policy test match application any
set security policies from-zone GI-INT to-zone GI-EXT policy test then permit
I have created a template like this below, as you mentioned... My doubt is: do I have to configure a new policy for blocking the IP address (Test is already the policy), or do I have to paste "Test", the policy already configured in previous … Please help on this...
set security policies from-zone GI-INT to-zone GI-EXT policy test match source-address any
set security policies from-zone GI-INT to-zone GI-EXT policy test match destination-address 141.101.121.238
set security policies from-zone GI-INT to-zone GI-EXT policy test match application any
set security policies from-zone GI-INT to-zone GI-EXT policy test match dynamic-application any
insert security policies from-zone GI-INT to-zone GI-EXT policy test before policy <policy name which is on top>
insert security policies from-zone GI-INT to-zone GI-EXT policy test before policy test
Thanks
Rakesh
------------------------------
Rakesh A
------------------------------
Original Message:
Sent: 03-17-2023 05:50
From: Brijil
Subject: How to block Public IP
Hello Rakesh,
You can configure a security policy and apply it on the top so that the traffic will be blocked.
example:
set security address-book global address BLOCKED-Address 192.168.0.1
set security policies from-zone trust to-zone untrust policy test match source-address any
set security policies from-zone trust to-zone untrust policy test match destination-address BLOCKED-Address
set security policies from-zone trust to-zone untrust policy test match application any
set security policies from-zone trust to-zone untrust policy test match dynamic-application any
set security policies from-zone trust to-zone untrust policy test then deny
insert security policies from-zone trust to-zone untrust policy test before policy <policy name which is on top>
Regards,
------------------------------
Brijil R
Original Message:
Sent: 03-17-2023 02:01
From: Rakesh A
Subject: How to block Public IP
Hi Guys,
We have a requirement from the client below; we are using an SRX 1500 firewall. Please help on this to check...
"We received a request from the government to block the IP 141.y.x.x from being reached by the users attached to the network."
Can we block this on the Firewall?
Thanks in advance.
Regards,
Rakesh
------------------------------
Rakesh A
------------------------------
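
Added example, not part of any post in this thread: a simplified Python model of ordered, first-match policy lookup for the GI-INT to GI-EXT zone pair, showing why the deny policy has to be inserted before the existing permit-any policy `test`. The policy name `BLOCK-IP`, the sample destination 198.51.100.7 and the default-deny fallback are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Policy:
    name: str
    destination: str  # "any" or a prefix such as "141.101.121.238/32"
    action: str       # "permit" or "deny"

    def matches(self, dst: str) -> bool:
        if self.destination == "any":
            return True
        return ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination)


def evaluate(policies, dst):
    """Return (policy name, action) of the first policy that matches dst."""
    for policy in policies:
        if policy.matches(dst):
            return policy.name, policy.action
    return "default", "deny"  # assumption: default action is deny-all


def insert_before(policies, new, anchor):
    """Model of `insert ... policy <new> before policy <anchor>`."""
    idx = next(i for i, p in enumerate(policies) if p.name == anchor)
    return policies[:idx] + [new] + policies[idx:]


BLOCKED = "141.101.121.238"  # address from the thread
OTHER = "198.51.100.7"       # constructed sample destination

# Existing rule base: the permit-any policy "test" from the first post.
existing = [Policy("test", "any", "permit")]
# Hypothetical new policy with its own name and a deny action.
block = Policy("BLOCK-IP", BLOCKED + "/32", "deny")

appended = existing + [block]                   # new policy left at the bottom
inserted = insert_before(existing, block, "test")  # moved above "test"

if __name__ == "__main__":
    for label, rules in (("appended", appended), ("inserted", inserted)):
        for dst in (BLOCKED, OTHER):
            print(label, dst, evaluate(rules, dst))
```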