SRX Services Gateway

SRX Dynamic Local File Prefix-List for Blacklisting IPs

08-01-2019 02:22 AM

Hi,

Is there an option on the SRX to read from a local text file (e.g. stored in /var/tmp/) for a list of IPs that can then be applied to a firewall filter?

I want to block known bad IPs, TOR exit nodes, etc., but the list of IPs is huge and would fill up the configuration file. Is there a way to load this list from a file and define the location within the policy-options or firewall filter?

Thanks


Re: SRX Dynamic Local File Prefix-List for Blacklisting IPs

08-01-2019 03:03 AM

Spotlight Secure in the Sky ATP license is a feature that does this.

https://www.juniper.net/documentation/en_US/release-independent/spotlight-secure/topics/reference/ge...

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX Dynamic Local File Prefix-List for Blacklisting IPs

08-13-2019 10:29 AM

Hi WingingIt,

In order to best utilize your SRX for blocking bad IPs and TOR exit nodes, utilize Sky ATP Threat Feeds or the Premium Subscription with your SRX.

Sky ATP Feeds include Third Party Feeds, such as TOR Exit Node IPs, and can also utilize the Sky ATP Open API in order to create Custom Blacklist feeds.

You can also leverage Junos Space Security Director and Policy Enforcer to integrate with your SRX and Sky ATP in order to push down Sky ATP feeds along with Policy Enforcer Custom Feeds and Third Party Integration Feeds.

You would not need to worry about management of your file system on your SRX as Sky ATP and Space will perform this work for you. You will only need to create Security Intelligence Policies and Dynamic Address Entries to utilize this functionality.

https://www.juniper.net/documentation/product/en_US/juniper-sky-advanced-threat-prevention

https://www.juniper.net/documentation/en_US/junos-space17.1/policy-enforcer/topics/concept/junos-spa...

Hope this information helps.

Regards,

....................................

Jason Frantz

JTAC Technical Support Engineer SBR Carrier, NFX, Sky ATP, JATP

JNCIS-Sec

Phone JTAC: +1 888-314-5822 (Toll free, US & Canada), +1 408-745-9500 (Other Countries)

Working Hours: 6:00 AM - 3:00 PM (PST) - Weekly Off Days: (Saturdays & Sundays)

JTAC Knowledge Base: http://kb.juniper.net

Customer Service Online: http://www.juniper.net/support

If you require assistance in my absence please call JTAC to speak with the next available Engineer.

If you would like to have your case re-assigned send an email to: case-reassign@juniper.net with your case number in the subject line.
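As an added example, not taken from this thread or from Juniper's documentation, the configuration below shows the Dynamic Address Entries the second reply mentions, but fed from a plain text list served by an HTTP server you control rather than from Sky ATP. This keeps the large list out of the committed configuration, which is what the question is after. Everything here is an assumption to verify against your Junos release: the feed-server hostname 192.0.2.10, the feed names, the address names, the zone names, and the interval values (assumed to be seconds). Lines beginning with `#` are annotations, not set commands, and should be dropped before pasting into `load set`. Note that a dynamic address is consumed by a security policy, not by a firewall filter, so this is the policy-based equivalent of the filter the original post asks for.

```junos
# Added example (hypothetical names and addresses). The feed server hosts
# tor-exit.txt and bad-ips.txt as plain text, one IP, prefix or range per line.
# update-interval: how often the SRX re-fetches the list; hold-interval: how long
# the last good copy is kept if the server cannot be reached (both assumed seconds).
set security dynamic-address feed-server blocklist-srv hostname 192.0.2.10
set security dynamic-address feed-server blocklist-srv update-interval 1800
set security dynamic-address feed-server blocklist-srv hold-interval 3600
set security dynamic-address feed-server blocklist-srv feed-name tor-exit path tor-exit.txt
set security dynamic-address feed-server blocklist-srv feed-name bad-ips path bad-ips.txt

# Dynamic address entries that resolve to the current contents of each feed
set security dynamic-address address-name DA-TOR-EXIT profile feed-name tor-exit
set security dynamic-address address-name DA-BAD-IPS profile feed-name bad-ips

# Deny rule ordered above the normal permit rules; logging and counting give the
# SOC visibility into how often the blocklist actually fires
set security policies from-zone untrust to-zone trust policy DENY-BLOCKLIST match source-address [ DA-TOR-EXIT DA-BAD-IPS ]
set security policies from-zone untrust to-zone trust policy DENY-BLOCKLIST match destination-address any
set security policies from-zone untrust to-zone trust policy DENY-BLOCKLIST match application any
set security policies from-zone untrust to-zone trust policy DENY-BLOCKLIST then deny
set security policies from-zone untrust to-zone trust policy DENY-BLOCKLIST then log session-init
set security policies from-zone untrust to-zone trust policy DENY-BLOCKLIST then count
```

After committing, `show security dynamic-address address-name DA-TOR-EXIT` lists the entries currently loaded from the feed, which is the quickest way to confirm the SRX can reach the server and parse the file. Because the feed is fetched over HTTP from a host on your network, treat that server as part of the trust boundary: restrict who can write the list files, since whoever controls the file controls what the SRX drops.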