This article discusses the scenario where a host in the customer network is accessing an external IP address and the network administrator wants to block all access to that address.
Via the SkyATP UI, navigate to Configure -> Blacklists -> C&C Server. Then select the '+' sign to add an IP.
Note: The change does not take effect immediately. The feed updates the SRX periodically, approximately every hour.
To check the update interval of the SRX blocklist feed, enter operational mode on the SRX CLI.
For example:
root@jtac-lab> show services security-intelligence category summary
Category name :Blacklist
Status :Enable
Description :Blacklist data
Update interval :3600s
TTL :3456000s
This feed updates every 3600 seconds, or once an hour.
To force the feed to update manually, request a feed download:
root@jtac-lab> request services security-intelligence download
Check the download status a couple of times, a few seconds apart, while the update is in progress. It can take time to complete, depending on the number of feeds and changes to update:
root@jtac-lab> request services security-intelligence download status
To check the IPs listed on the feed:
root@jtac-lab> show security dynamic-address feed-name blacklist_ip
node0:
--------------------------------------------------------------------
No. IP-start IP-end Feed Address
1 xx.xx.xx.xx xx.xx.xx.xx Blacklist/19 ID-21300053
Total number of matching entries: 1
{primary:node0}
root@jtac-lab>
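Added example (not part of the original article and not Juniper tooling): once the feed has downloaded, the output of the dynamic-address command above can be saved as text and checked to confirm that the IP you added is actually covered by an IP-start/IP-end range. The function names and sample addresses are assumptions made for this sketch, and the column layout is assumed to match the output shown in the article.

```python
import ipaddress
import re

# Constructed sample of "show security dynamic-address feed-name blacklist_ip"
# output. The addresses are documentation ranges, not values from the article.
SAMPLE_FEED_OUTPUT = """\
node0:
--------------------------------------------------------------------
No.      IP-start         IP-end           Feed            Address
1        203.0.113.10     203.0.113.10     Blacklist/19    ID-21300053
2        198.51.100.0     198.51.100.255   Blacklist/19    ID-21300053
Total number of matching entries: 2
"""

# An entry row: index, IP-start, IP-end, feed name, address ID.
ROW = re.compile(r"^\s*\d+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_feed_ranges(cli_output):
    """Return (start, end, feed) tuples for every entry row in the output."""
    ranges = []
    for line in cli_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # node banner, separator, header or totals line
        try:
            start = ipaddress.ip_address(m.group(1))
            end = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # masked or malformed row such as xx.xx.xx.xx
        ranges.append((start, end, m.group(3)))
    return ranges


def is_blocked(ip, cli_output):
    """True if ip falls inside any IP-start..IP-end range on the feed."""
    addr = ipaddress.ip_address(ip)
    return any(s.version == addr.version and s <= addr <= e
               for s, e, _ in parse_feed_ranges(cli_output))


if __name__ == "__main__":
    for candidate in ("203.0.113.10", "198.51.100.77", "192.0.2.1"):
        state = "on feed" if is_blocked(candidate, SAMPLE_FEED_OUTPUT) else "NOT on feed"
        print(candidate, state)
```

If the IP is reported as not on the feed after a manual download, re-check the download status before assuming the entry was rejected.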