Accept the Right, Deny the Wrong: Add Flexibility to your Juniper Firewall

03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 - JuniperFirewall01 - [] \()[Standard User Profile] - Requesting user to confirm access to invalid SSL site - Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1

Here’s an interesting event we caught this week. In this case, a Juniper Firewall has identified a user accepting an invalid SSL cert. This could be a sign of a man-in-the-middle attack or a spoofed website.

The Juniper can be configured to explicitly deny this traffic, but in this case it is allowing the traffic and logging the activity. This adds flexibility to your Juniper deployment: you can give your users permission to accept certificates and still audit the activity later.
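
One way to do that later audit, as an added example that is not part of the original post: the Python below parses the event format shown above and groups the prompts by destination so repeat offenders stand out. The first sample line is the event from the post; the remaining lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the "invalid SSL site" prompt event in the format shown in the post.
EVENT = re.compile(
    r"Juniper: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<device>\S+) - "
    r".*?\[(?P<role>[^\]]*)\] - Requesting user to confirm access to invalid SSL site"
    r" - Host: (?P<host>[^,]+), Port: (?P<port>\d+), Request: (?P<request>.+)$"
)

def parse_event(line):
    """Return the event fields as a dict, or None for any other log line."""
    m = EVENT.search(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    ev["port"] = int(ev["port"])
    return ev

def audit(lines):
    """Group prompts by destination, most frequently prompted first."""
    seen = defaultdict(list)
    for ev in filter(None, map(parse_event, lines)):
        seen[(ev["host"], ev["port"])].append(ev)
    report = []
    for (host, port), evs in seen.items():
        times = [e["ts"] for e in evs]
        report.append({"host": host, "port": port, "count": len(evs),
                       "first": min(times), "last": max(times),
                       "roles": sorted({e["role"] for e in evs})})
    return sorted(report, key=lambda r: (-r["count"], r["host"]))

# First line is the event from the post; the others are constructed samples.
SAMPLE = [
    r"03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 - JuniperFirewall01 - [] \()[Standard User Profile] - Requesting user to confirm access to invalid SSL site - Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1",
    r"03 19 2013 19:42:07 10.128.68.92 Juniper: 2013-03-19 19:42:07 - JuniperFirewall01 - [] \()[Standard User Profile] - Requesting user to confirm access to invalid SSL site - Host: 10.1.0.50, Port: 443, Request: GET /login.php HTTP/1.1",
    r"03 19 2013 20:03:15 10.128.68.92 Juniper: 2013-03-19 20:03:15 - JuniperFirewall01 - [] \()[Standard User Profile] - Requesting user to confirm access to invalid SSL site - Host: 10.1.0.77, Port: 8443, Request: GET / HTTP/1.1",
    r"03 19 2013 20:05:00 10.128.68.92 Juniper: 2013-03-19 20:05:00 - JuniperFirewall01 - some other event (constructed, must be ignored)",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["host"], row["port"], row["count"], row["first"], row["last"], row["roles"])
```

A destination that keeps prompting users is either an internal service with a certificate that needs replacing or something worth investigating.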