Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to add an IP to a blocklist with SkyATP WebUI

0

0

Article ID: KB33890 KB Last Updated: 08 Oct 2020Version: 2.0
Summary:

This article discusses the scenario where a host in the customer network is accessing an external IP which the network administrator wants to block complete access to.

Solution:

Via the SkyATP UI, navigate to Configure -> Blacklists -> C&C Server. Then select the  '+' sign to add an IP.

Note: The change does not take effect immediately. The Feed will update the SRX periodically, approximately every hour.

To check the update interval of the SRX blocklist feed, enter operational mode on the SRX CLI.

For Example:

root@jtac-lab> show services security-intelligence category summary
Category name     :Blacklist
  Status          :Enable
  Description     :Blacklist data
  Update interval :3600s
  TTL             :3456000s


This feed updates every 3600 seconds, or once an hour.

To force the feed to update manually, request a feed download:

root@jtac-lab> request services security-intelligence download  

Check a couple of times, a few seconds apart while it tries to update. It can take time to complete depending on the amount of feeds and changes to update

root@jtac-lab> request services security-intelligence download status 
 

To check the IPs listed on the feed:

root@jtac-lab> show security dynamic-address feed-name blacklist_ip
node0:
--------------------------------------------------------------------
No.      IP-start        IP-end          Feed             Address
1        xx.xx.xx.xx    xx.xx.xx.xx     Blacklist/19     ID-21300053

Total number of matching entries: 1

{primary:node0}
root@jtac-lab>
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search