Uploaded by arakesh403





Task 1

How to allow Facebook but block Facebook gaming apps


Task 2

How to limit video streaming on a per-user basis


Task 3

How to limit video streaming for all the users overall


Task 4

How to block a particular set of websites on a particular day


Task 5

How to set a custom notification message if a user is accessing restricted websites




1. You can choose custom categories that block only Facebook games.

2. QoS can be applied per user or per group. Check Point needs to be integrated with AD in order to do name-to-IP mapping.

3. QoS can be applied to the streaming category.

4. A time-based rule can be created.

5. While creating a policy, the options are allow, monitor, warn, and block. Warn means the user needs to acknowledge before proceeding to the website.

DNS Notes

A domain level name server may contain a list of DNS servers where a name record is kept. It then informs the resolver of the IP address(es) or location of these DNS servers. The resolver then attempts to query the ADNS servers. It attempts to resolve against the first server (ns1.x.x.x.x); if the query fails, it attempts to query the second (ns2.x.x.x.x), and so forth.

A DNS server may contain multiple addresses for a domain name. When the resolver makes a request to the DNS server, the server shuffles the multiple IP addresses associated with the domain name and then selects one to return to the client.

A name record is constant in a DNS server. For example, if the web server hosting the domain www.mywebserver.com, to which a name record points, is no longer available, the name record will continue to point to that server. A GTM device is useful for monitoring servers in a redundant setup and returning an IP address associated with a server that is reachable.
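The three behaviours in these DNS notes (resolver failover across name servers, address rotation, and a static record versus a health-monitored answer), modelled as an added example that is not part of the original notes and is not F5's GTM implementation. The class and function names, the `ns1`/`ns2` labels, the RFC 5737 addresses and the `is_up` callback standing in for a real health monitor are all assumptions; rotation is used as a deterministic stand-in for the shuffle.

```python
# Constructed sample data: documentation-range addresses (RFC 5737).
NAME = "www.mywebserver.com"
RECORDS = {NAME: ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}


class StaticDNS:
    """Plain name server: rotates through the addresses, never checks them."""

    def __init__(self, records):
        self.records = records
        self.counter = 0

    def answer(self, name):
        addrs = self.records[name]
        ip = addrs[self.counter % len(addrs)]
        self.counter += 1
        return ip


class HealthAwareDNS(StaticDNS):
    """GTM-style server (hypothetical model): same rotation, but an address
    whose monitor reports it down is skipped."""

    def __init__(self, records, is_up):
        super().__init__(records)
        self.is_up = is_up  # assumption: callback replacing a real monitor

    def answer(self, name):
        for _ in range(len(self.records[name])):
            ip = super().answer(name)
            if self.is_up(ip):
                return ip
        return None  # every server behind the name is unreachable


def resolve(name, servers, unreachable=()):
    """Resolver failover: try ns1, then ns2, and so forth."""
    for label, server in servers:
        if label in unreachable:
            continue  # query failed, move on to the next name server
        return label, server.answer(name)
    raise LookupError("no name server answered for " + name)


def compare(down_ip, queries=6):
    """Answers from a static server and a health-aware one for the same name."""
    static = StaticDNS(RECORDS)
    gtm = HealthAwareDNS(RECORDS, is_up=lambda ip: ip != down_ip)
    return ([static.answer(NAME) for _ in range(queries)],
            [gtm.answer(NAME) for _ in range(queries)])
```

With one backend marked down, the static server still hands that address to a third of the clients, while the health-aware server never returns it.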

If you set up an F5 VIP, the default TCP protocol profile has the following two relevant settings:

Idle Timeout: 300 seconds

Keep Alive Interval: 1800 seconds

The definitions of these, as per F5 help:

Keep Alive Interval: Specifies, when enabled, how frequently the system sends data over an idle TCP connection, to determine whether the connection is still valid. The default is 1800 seconds.

Idle Timeout: Specifies the length of time that a connection is idle (has no traffic) before the connection is eligible for deletion. The default is 300 seconds.