Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Removed

root@SRX5# show security dynamic-address
inactive: traceoptions {
file trace1;
level all;
flag all;
}
feed-server feedsrv {
hostname 192.168.0.11;
update-interval 30;
hold-interval 300;
feed-name suspicious_IP {
path /var/www/html/testip.txt;
}
}
address-name suspicious_IP {
profile {
feed-name suspicious_IP;
category IPFilter;
}
}

Image Added


gzip format


Sidenote – 15.1X49 is validating server certificate (CA needs to be present on SRX under [security pki …]

...

> show configuration security dynamic-address
feed-server fs-jsa {
hostname 10.0.0.99;
update-interval 30;
hold-interval 300;
feed-name suspicious-IPs {
path suspicious-IPs.gz;
}
feed-name IDP-IPs {
path IDP-IPs.gz;
}
}
address-name suspicious-IPs {
profile {
feed-name suspicious-IPs;
category IPFilter;
}
}
address-name IDP-IPs {
profile {
feed-name IDP-IPs;
category IPFilter;
}
}



set security dynamic-address feed-server NFX-Home description "NFX hosting some bad IP feeds"
set security dynamic-address feed-server NFX-Home hostname 192.168.2.200
set security dynamic-address feed-server NFX-Home update-interval 30
set security dynamic-address feed-server NFX-Home hold-interval 86400
set security dynamic-address feed-server NFX-Home feed-name dshield-feed description "SANS Blocklist"
set security dynamic-address feed-server NFX-Home feed-name dshield-feed path dshield-blacklist.gz
set security dynamic-address feed-server NFX-Home feed-name Suspicious-IP-feed path Suspicious-IPs.gz

set security dynamic-address address-name dshield-block-list profile feed-name dshield-feed
set security dynamic-address address-name dshield-block-list profile category IPFilter
set security dynamic-address address-name Suspicious-IPs profile feed-name Suspicious-IP-feed
set security dynamic-address address-name Suspicious-IPs profile category IPFilter

set security policies from-zone trust to-zone untrust policy t2u-BLOCKLIST-deny match destination-address Suspicious-IPs