SRX Dynamic Local File Prefix-List for Blacklisting IPs
Is there an option on the SRX to read from a local text file (e.g. stored in /var/tmp/) for a list of IPs that can then be applied to a firewall filter?
I want to block known bad IPs and TOR exit nodes etc., but the list of IPs is huge and would fill up the configuration file. Is there a way to load this list from a file, and define the location within the policy-options or firewall filter?
Re: SRX Dynamic Local File Prefix-List for Blacklisting IPs
To best utilize your SRX for blocking bad IPs and TOR Exit Nodes, use Sky ATP Threat Feeds or a Premium Subscription with your SRX.
Sky ATP Feeds include Third Party Feeds, such as TOR Exit Node IPs, and you can also utilize the Sky ATP Open API to create Custom Blacklist feeds.
You can also leverage Juniper Space Security Directory and Policy Enforcer to integrate with your SRX and Sky ATP in order to push down Sky ATP feeds along with Policy Enforcer Custom Feeds and Third Party Integration Feeds.
You would not need to worry about management of your file system on your SRX as Sky ATP and Space will perform this work for you. You will only need to create Security Intelligence Policies and Dynamic Address Entries to utilize this functionality.