
SSG-140 block P2P - how to forward all traffic on port 53 to OpenDNS?

(OP)
We have an SSG-140 acting as the DHCP server for our local networks. We are using the ISP's DNS settings. We have a request to block all P2P traffic. I know that we need IDP for this, but for now we will try OpenDNS. We want users to stay blocked even if they change the DNS settings on their machines (they all have admin privileges).
So the question is how to forward all traffic from the LAN on port 53 to OpenDNS on the SSG-140 firewall.
Does anybody have experience with how many users OpenDNS can serve without slowing down the internet?

Thanks.

RE: SSG-140 block P2P - how to forward all traffic on port 53 to OpenDNS?

If you want to block all P2P traffic, then write a firewall policy to block that port service for all users. What does DNS have to do with P2P?

For DNS, you can set a host DNS in the SSG; you can have three of them if you want to use a DNS other than the ISP's. You might review the admin guide for info on DNS specifications.

....JIM....

RE: SSG-140 block P2P - how to forward all traffic on port 53 to OpenDNS?

(OP)
You can't block all P2P traffic on an SSG firewall. You need IDP. IDP can detect P2P, and together with the firewall you can block certain ports.
For free I can use OpenDNS and block everything I want.


RE: SSG-140 block P2P - how to forward all traffic on port 53 to OpenDNS?

So, if you need IDP, get the license; otherwise, what is your point?

....JIM....

RE: SSG-140 block P2P - how to forward all traffic on port 53 to OpenDNS?

(OP)
I think that the UTM security features on the SSG don't include IDP. I was thinking of the Intrusion Detection and Prevention appliances.
I found the answer on the Juniper forum.
What's your point about getting a license? I have an SSG-140 with full security. What license should I get?!

I found that if a P2P application uses port 80, a deny rule blocks regular port 80 traffic as well. So the only solution is an inline IDP device.
We are not buying the device, so I will use OpenDNS for now. Like the man said:
Create two policies so users can be directed to use OpenDNS.

from trust to untrust permit dns to the opendns servers
from trust to untrust deny dns to any address

Thanks anyway.
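The two policies quoted in the post above, written out as ScreenOS CLI together with the DHCP and address-object commands they depend on. This is an added example, not configuration from the original post or from Juniper's documentation. The interface name ethernet0/1, the zone names "Trust" and "Untrust", the policy ids 10 and 11, and the assumption that the existing Trust-to-Untrust permit-any policy has id 1 are illustrative and will differ on a real box; 208.67.222.222 and 208.67.220.220 are OpenDNS's published resolver addresses.

```screenos
# Added example; not configuration from the original thread.
# Assumes: LAN interface ethernet0/1 in zone "Trust", ISP uplink in zone
# "Untrust", and the existing Trust->Untrust "permit any" policy is id 1.
# 208.67.222.222 / 208.67.220.220 are OpenDNS's published resolvers.

# 1. Hand out OpenDNS from the SSG's DHCP server instead of the ISP's DNS.
set interface ethernet0/1 dhcp server option dns1 208.67.222.222
set interface ethernet0/1 dhcp server option dns2 208.67.220.220

# 2. Point the firewall's own resolver at OpenDNS as well (optional).
set dns host dns1 208.67.222.222
set dns host dns2 208.67.220.220

# 3. Address objects and a group for the two resolvers in the Untrust zone.
set address "Untrust" "OpenDNS-1" 208.67.222.222 255.255.255.255
set address "Untrust" "OpenDNS-2" 208.67.220.220 255.255.255.255
set group address "Untrust" "OpenDNS" add "OpenDNS-1"
set group address "Untrust" "OpenDNS" add "OpenDNS-2"

# 4. The two policies from the post. "DNS" is ScreenOS's predefined
#    service for TCP/UDP 53. Logging the deny gives you a record of
#    machines whose DNS was changed by hand.
set policy id 10 from "Trust" to "Untrust" "Any" "OpenDNS" "DNS" permit log
set policy id 11 from "Trust" to "Untrust" "Any" "Any" "DNS" deny log

# 5. Order matters: ScreenOS evaluates policies top-down and stops at the
#    first match, so both DNS policies must sit above the general permit
#    (id 1), and the permit-to-OpenDNS must sit above the deny-to-any.
set policy move 11 before 1
set policy move 10 before 11

save
```

Check the result with `get policy` (the two DNS policies should be listed above the permit-any) and, from a LAN client, a lookup against a third-party resolver such as `nslookup example.com 8.8.8.8`, which should now time out, while a lookup against 208.67.222.222 still answers. Two caveats a practitioner should keep in mind: if the LAN is split across more than one zone (DMZ, VPN), each of those zones needs the same pair of policies, and these rules only constrain port 53. A user with local admin rights can still reach a resolver on a non-standard port, use encrypted DNS over HTTPS or TLS on 443/853, or bypass name resolution entirely with hosts-file entries or raw IP addresses, so the OpenDNS filter is a convenience control rather than a hard block, which is the point the thread already makes about needing inline IDP for real P2P enforcement.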
