This article explains how to configure a specific IP to bypass SkyATP inspection.
When SkyATP is configured on SRX, all traffic through security policy which is using SkyATP will be inspected. If the device downloaded malware or accessed C&C server, the device will be blocked. However, in certain cases, some devices or IPs need to be excluded from SkyATP inspection. The following scenarios explain how to exclude specific IP addresses:
Topology:

SkyATP is configured on SRX to check traffic between the Trust zone and Untrust zone. The security-intelligence policy (secintel_policy) and advanced-anti-malware policy (aamw-policy) are configured in security policy as shown below:
Configuration:
set security policies from-zone Trust to-zone Untrust policy Trust-Untrust match source-address any
set security policies from-zone Trust to-zone Untrust policy Trust-Untrust match destination-address any
set security policies from-zone Trust to-zone Untrust policy Trust-Untrust match application any
set security policies from-zone Trust to-zone Untrust policy Trust-Untrust then permit application-services security-intelligence-policy secintel-policy
set security policies from-zone Trust to-zone Untrust policy Trust-Untrust then permit application-services advanced-anti-malware-policy aamw-policy
Scenarios:
-
Not adding PC2 to infected host list
In case of PC2 block: When PC2 download malware or access C&C server by botnet infection, PC2 will be on the infected host list and not able to go through SRX.
Configure SRX to not add PC2 to infected host list.
-
Not adding PC1 to infected host list by accessing ServerB
In case of PC1 block: When PC1 downloads malware from ServerB, PC1 will be on the infected host list and not able to go through SRX.
Configure SRX to not add PC1 to the infected host list by accessing ServerB.
Scenario 1: Not adding PC2 to the infected host list
If PC2 needs to bypass SkyATP to not be on the Infected host list, this will be accomplished by the following CLI configuration:
>set security dynamic-address except-list 10.0.0.3 ip-end 10.0.0.3
Scenario 2 : Not to adding PC1 to the infected host-list by accessing ServerB
If ServerB is trusted and needs to bypass advanced malware inspection, this will be accomplished by adding IP address or URL in the allow list from the Web UI.
Refer to the documentation on Allowlist and Blocklist Overview