This article describes how to permit or block an application or other traffic only during a specific time period.
It may be necessary to block some traffic for a time period and permit it otherwise, or vice versa. For example, an administrator might want to block unwanted traffic such as Torrent/Facebook/Chat or some other application traffic (this could also be source/destination-based traffic) during office hours and allow it otherwise. In this scenario, we need to set a schedule that allows a policy to be used for packet match checks during specific hours. Otherwise, the policy should remain inactive.
We can achieve this goal with the help of schedulers and security policies. It is a two-step process: 1) define a scheduler, and 2) apply the scheduler to the security policy that blocks or allows the traffic. To understand this better, consider an example in which the user wants to block all traffic that hits a security policy from 8 AM to 6 PM on weekdays (Monday-Friday). The procedure is as follows:
Define a scheduler for the required time (in this example, from 8 AM to 6 PM daily, excluding Saturday and Sunday):
user@host# set schedulers scheduler block_traffic daily start-time 08:00:00 stop-time 18:00:00
user@host# set schedulers scheduler block_traffic sunday exclude
user@host# set schedulers scheduler block_traffic saturday exclude
The resulting hierarchy should look like this:
[edit schedulers]
user@host# show
scheduler block_traffic {
    daily {
        start-time 08:00:00 stop-time 18:00:00;
    }
    sunday exclude;
    saturday exclude;
}
Define a policy and bind it to the scheduler configured above:
user@host# set security policies from-zone trust to-zone protected_resource policy trust_to_protected scheduler-name block_traffic
The hierarchy should look like this:
[edit security policies]
user@host# show
from-zone trust to-zone protected_resource {
    policy trust_to_protected {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            deny;
        }
        scheduler-name block_traffic;
    }
}
Commit the configuration:
[edit]
user@host# commit
commit complete
This policy is now in effect and blocks traffic from trust to protected_resource only during the time defined in the scheduler. Outside that time, the policy is deactivated and is not used for policy lookup, so users will be able to access protected_resource from trust, provided another policy permits that traffic.
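To check a schedule before committing it, the following Python sketch (an added example, not Juniper code) parses the three set commands from this article and reports whether the bound policy would be active at a given time. It assumes that a day-of-week statement overrides the daily statement, that the stop-time is treated as exclusive, and that timestamps are in the device's local time; the function names are hypothetical.

```python
import re
from datetime import datetime, time

DAYS = ["monday", "tuesday", "wednesday", "thursday",
        "friday", "saturday", "sunday"]

# Constructed input: the scheduler commands shown in this article.
CONFIG = """\
set schedulers scheduler block_traffic daily start-time 08:00:00 stop-time 18:00:00
set schedulers scheduler block_traffic sunday exclude
set schedulers scheduler block_traffic saturday exclude
"""

# Only the two statement forms used in the article are handled.
LINE = re.compile(
    r"set schedulers scheduler (\S+) (daily|" + "|".join(DAYS) + r") "
    r"(?:(exclude)|start-time (\S+) stop-time (\S+))$")

def parse(config):
    """Return {scheduler: {slot: 'exclude' or (start, stop)}}."""
    schedulers = {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a recognised statement
        name, slot, excl, start, stop = m.groups()
        rule = "exclude" if excl else (time.fromisoformat(start),
                                       time.fromisoformat(stop))
        schedulers.setdefault(name, {})[slot] = rule
    return schedulers

def is_active(schedulers, name, when):
    """True if a policy bound to scheduler `name` is active at `when`."""
    slots = schedulers[name]
    # Assumption: a day-specific statement overrides the daily statement.
    rule = slots.get(DAYS[when.weekday()], slots.get("daily"))
    if rule is None or rule == "exclude":
        return False
    start, stop = rule
    # Assumption: the window is [start, stop), device local time.
    return start <= when.time() < stop

if __name__ == "__main__":
    sched = parse(CONFIG)
    for ts in (datetime(2020, 7, 1, 9, 0),    # Wednesday, office hours
               datetime(2020, 7, 1, 19, 0),   # Wednesday evening
               datetime(2020, 7, 4, 12, 0)):  # Saturday
        print(ts, "deny policy active:", is_active(sched, "block_traffic", ts))
```

On the device itself, the scheduler state can be confirmed after the commit with the operational command show schedulers.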
2020-07-02: Article reviewed for accuracy. Article is correct and complete.