This article lists Frequently Asked Questions (FAQ) regarding Sky ATP GeoIP feeds and the respective answers.
- Where is the GeoIP data stored on the SRX device after download?
- The GeoIP information is stored in /var/db.
- How can I see the size of this information on disk, to make sure that there is enough space left on the SRX device?
- You can use either of two commands: df -h (from the shell prompt, %) or show system storage (from the CLI).
- Does this database survive device reboot?
- Yes. Data is preserved after reboot and when the PE is down.
- In case the PE is down and there is no new update, how long will the local GeoIP data stay cached on the SRX device?
- Since the data is not cached in memory but in a database file on the SRX device, this will stay in the file system unless it is removed.
- If GeoIP rules are configured, but no database is available, will the SRX device fail open or fail closed?
- From testing, when something goes wrong with the "IPFilter" objects, the entry resolves to ANY_IP. For example, the blocklist rule "deny something" turns into "deny all."
- How is the GeoIP data stored with the cluster? Is it downloaded to flash on both cluster members, or just an active cluster? If failover happens, does the second cluster member have the GeoIP information instantly (because it was stored on a second node), or is it necessary to download this information again from the PE?
- In regards to the SRX HA Cluster, the GeoIP data will be stored on both members of the cluster. If a failover occurs, the active SRX device will use the data available in the GeoIP DB.
- Are GeoIP SecIntel Feeds supported on SRX300 and SRX320 platforms?
- Starting in Junos OS release 18.3R1, SRX300 and SRX320 platforms support GeoIP feeds from Sky ATP. See the Supported Platforms Guide.
- Do JATP400, JATP700, and JATP Virtual Core support GeoIP Feeds?
- Yes. You need to configure the SRX device as detailed in the Configuring GeoIP Guide.
- Can I use lowercase ASCII letters when configuring a Country Code?
- No. Since the feed uses uppercase letters, the configuration for Country Code must match. Please reference the Configuring GeoIP Guide.
- Is GeoIP intended only for external to internal threats?
- No, the GeoIP Dynamic Address Entry can be implemented in security policies without regard to the direction of traffic. For example (this can reflect external-to-internal or internal-to-external zones):
    security {
        policies {
            policy 1 {
                match {
                    source-address geo-ip;
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        application-services {
                            security-intelligence-policy secintel;
                        }
                    }
                }
            }
        }
    }
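The following is an added example in Junos set-format configuration, not taken from this KB article or from the Configuring GeoIP Guide, tying together the uppercase country-code requirement and the direction-agnostic use of the dynamic address entry. The entry name geoip-block, the zone names trust and untrust, the policy names, the country code KR, and the verification command are illustrative assumptions.

```junos
# Added example (not from the KB article): one GeoIP dynamic-address entry
# referenced by policies in both directions. Names (geoip-block, trust,
# untrust, block-inbound-geoip, block-outbound-geoip) and the country code
# KR are illustrative assumptions.

# The country code must be uppercase to match the feed; a lowercase "kr"
# would never match any feed entry.
set security dynamic-address address-name geoip-block profile category GeoIP property country string KR

# External-to-internal: the entry is the source of inbound traffic
set security policies from-zone untrust to-zone trust policy block-inbound-geoip match source-address geoip-block
set security policies from-zone untrust to-zone trust policy block-inbound-geoip match destination-address any
set security policies from-zone untrust to-zone trust policy block-inbound-geoip match application any
set security policies from-zone untrust to-zone trust policy block-inbound-geoip then deny
set security policies from-zone untrust to-zone trust policy block-inbound-geoip then log session-init

# Internal-to-external: the same entry is the destination of outbound traffic
set security policies from-zone trust to-zone untrust policy block-outbound-geoip match source-address any
set security policies from-zone trust to-zone untrust policy block-outbound-geoip match destination-address geoip-block
set security policies from-zone trust to-zone untrust policy block-outbound-geoip match application any
set security policies from-zone trust to-zone untrust policy block-outbound-geoip then deny
set security policies from-zone trust to-zone untrust policy block-outbound-geoip then log session-init
commit

# Operational check (assumed command): confirm the entry resolved against
# the downloaded GeoIP database rather than against ANY_IP
show security dynamic-address category-name GeoIP
```

Because the entry resolves to ANY_IP when the database is unavailable (see the fail-closed item above), a deny policy built on it becomes a deny-all in that state; checking the resolved address list after a commit, and after any PE outage, tells you which of the two behaviours is currently in effect.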
- Do I require a Sky ATP Subscription to utilize the Sky ATP GeoIP Feature?
- Yes. You must obtain either a Basic (Threat Feeds) or Premium Sky ATP Subscription in order to utilize the GeoIP Feed feature. See Licenses For Advanced Threat Prevention.
2018-09-28: Updated item 7 answer with new support information.
2019-04-25: Added items 8, 9, and 10.
2019-11-21: Added item 11 to the Solution section.