Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


root@SRX5# show security dynamic-address
inactive: traceoptions {
file trace1;
level all;
flag all;
}
feed-server feedsrv {
hostname 192.168.0.11;
update-interval 30;
hold-interval 300;
feed-name suspicious_IP {
path /var/www/html/testip.txt;
}
}
address-name suspicious_IP {
profile {
feed-name suspicious_IP;
category IPFilter;
}
}


Sidenote – 15.1X49 is validating server certificate (CA needs to be present on SRX under [security pki …]



JSA is updating feed for SRX to local webroot, suspicious-IPs and IDP-IPs are IPFilter objects usable in firewall policy:  

> show configuration security dynamic-address
feed-server fs-jsa {
hostname 10.0.0.99;
update-interval 30;
hold-interval 300;
feed-name suspicious-IPs {
path suspicious-IPs.gz;
}
feed-name IDP-IPs {
path IDP-IPs.gz;
}
}
address-name suspicious-IPs {
profile {
feed-name suspicious-IPs;
category IPFilter;
}
}
address-name IDP-IPs {
profile {
feed-name IDP-IPs;
category IPFilter;
}
}


  • No labels