Block IP Addresses using Juniper Firewalls

asked Aug 25, 2012 in General by MirrorXYZ (1,400 points)
Hi all..

I want to block specific IP addresses using Juniper Firewalls. How can I create a new policy in Juniper SSG firewall for blocking specific IPs?

Thanks in advance

1 Answer

answered Aug 25, 2012 by FixHost (12,380 points)
1. Log into the firewall. You should have an IP and access to it.
2. Go to Policy and expand it and then click on Policy Elements. Expand Addresses and click on List.
3. Choose the source zone from the drop down list and click New.
4. Enter the IP address in the Address Name field. Leave the zone as Untrust and then click OK.
5. To add multiple IP addresses to a blocked list, create a group. Go back to Policy -> Policy Elements -> Addresses -> Group -> then add a new group. Name the group, then move the IP addresses from the left to the right box and click OK.
6. Go to Policy -> Policies and choose the source and destination zone, then click New.
7. Choose the source IP address from the Source Address drop down. If the policy is for multiple sources, then choose the Multiple button and then add multiple sources from the list. From the Destination Address drop down, choose the destination IP address or host. And apply the same for the multiple destination. In case you didn’t find your source or destination IP, go to Policy -> Policy Elements -> Addresses -> List. If it’s not there, add the IP under the appropriate zone.
8. From the Service drop down list, select the service you want to connect to.
9. To deny the policy, go to the Action drop down list and select deny.
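
The same steps can be scripted for a long block list. The following is an added example, not part of the answer above: it validates a list of addresses and prints the ScreenOS CLI equivalents of the WebUI steps (address entries, an address group, one deny policy). The group name `Blocked-IPs`, the `blk-` naming scheme, the Untrust-to-Trust direction, the `"Any"` destination, the `"ANY"` service and the sample addresses are assumptions made for the example.

```python
import ipaddress

# Constructed sample input (documentation address ranges); bad lines included on purpose.
SAMPLE_BLOCKLIST = """
203.0.113.7
198.51.100.0/24
203.0.113.7
not-an-ip
# comment line
192.0.2.10/24
"""

def parse_blocklist(text):
    """Return (networks, rejected): unique IPv4 networks in input order, plus bad entries."""
    networks, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 192.0.2.10/24)
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen == 0:
            rejected.append(entry)  # never turn 0.0.0.0/0 into a deny rule
        elif net not in seen:
            seen.add(net)
            networks.append(net)
    return networks, rejected

def screenos_commands(networks, group="Blocked-IPs", src_zone="Untrust", dst_zone="Trust"):
    """Build ScreenOS CLI lines: address entries, group membership, one deny policy."""
    if not networks:
        return []
    cmds = [f'set group address "{src_zone}" "{group}"']  # step 5: create the group
    for net in networks:
        name = f"blk-{net.network_address}-{net.prefixlen}"  # hypothetical naming scheme
        cmds.append(f'set address "{src_zone}" "{name}" {net.network_address} {net.netmask}')
        cmds.append(f'set group address "{src_zone}" "{group}" add "{name}"')
    # steps 6-9: policies are matched top-down, so the deny goes above existing permits
    cmds.append(f'set policy top from "{src_zone}" to "{dst_zone}" "{group}" "Any" "ANY" deny log')
    return cmds

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    print("\n".join(screenos_commands(nets)))
    for entry in bad:
        print(f"# rejected: {entry}")
```

Review the printed commands and the rejected entries before pasting them into a CLI session on the firewall.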