dynamic-Address feed from a web server
gzip format
Side note – 15.1X49 validates the server certificate (the CA needs to be present on the SRX under [security pki …]).
JSA publishes the feeds for the SRX to the local webroot; suspicious-IPs and IDP-IPs are IPFilter objects that can be used in firewall policy:
> show configuration security dynamic-address
# Feed server definition: the SRX fetches each feed-name path below from this host.
# The feed contents decide which addresses a policy matches, so write access to the
# feed server's webroot and the transport used for the fetch belong to the firewall's
# trust boundary.
feed-server fs-jsa {
hostname 10.0.0.99;
# Intervals are in seconds per Junos documentation (confirm for your release).
update-interval 30;
# NOTE(review): hold-interval presumably bounds how long the last downloaded entries
# stay valid when an update fails; at 300 the entries would age out within minutes of
# a feed-server outage, leaving the policy with nothing to match. Confirm this is intended.
hold-interval 300;
# Each feed-name maps a feed identifier to a gzip file path on the server.
feed-name suspicious-IPs {
path suspicious-IPs.gz;
}
feed-name IDP-IPs {
path IDP-IPs.gz;
}
}
# Dynamic-address entries: each binds one feed (category IPFilter) to a name that
# firewall policy can reference as an address.
address-name suspicious-IPs {
profile {
feed-name suspicious-IPs;
category IPFilter;
}
}
address-name IDP-IPs {
profile {
feed-name IDP-IPs;
category IPFilter;
}
}
# Feed server the SRX polls for the gzip feed files.
# NOTE(review): the page states that 15.1X49 validates the server certificate; the
# issuing CA presumably has to be loaded under [security pki] before the feed is trusted.
# Verify the fetch status after commit.
set security dynamic-address feed-server NFX-Home description "NFX hosting some bad IP feeds"
set security dynamic-address feed-server NFX-Home hostname 192.168.2.200
# Intervals are in seconds per Junos documentation (confirm for your release).
set security dynamic-address feed-server NFX-Home update-interval 30
# NOTE(review): hold-interval presumably controls how long previously downloaded entries
# remain valid when updates fail. 86400 would keep the last good list for a day, so
# entries may be stale after a long feed outage. Confirm the trade-off.
set security dynamic-address feed-server NFX-Home hold-interval 86400
# Two feeds, each mapped to a gzip file path on the feed server.
set security dynamic-address feed-server NFX-Home feed-name dshield-feed description "SANS Blocklist"
set security dynamic-address feed-server NFX-Home feed-name dshield-feed path dshield-blacklist.gz
set security dynamic-address feed-server NFX-Home feed-name Suspicious-IP-feed path Suspicious-IPs.gz
# Dynamic-address entries that expose each feed (category IPFilter) under a name usable in policy.
# dshield-block-list is defined here, but no policy on this page references it.
set security dynamic-address address-name dshield-block-list profile feed-name dshield-feed
set security dynamic-address address-name dshield-block-list profile category IPFilter
set security dynamic-address address-name Suspicious-IPs profile feed-name Suspicious-IP-feed
set security dynamic-address address-name Suspicious-IPs profile category IPFilter
# Only the destination-address match of this policy is shown on this page. The remaining
# match conditions and the action are not shown (the policy name suggests deny).
# NOTE(review): policies are evaluated in order, so this one needs to sit ahead of any
# broader trust-to-untrust permit. Confirm the ordering and consider logging on match.
set security policies from-zone trust to-zone untrust policy t2u-BLOCKLIST-deny match destination-address Suspicious-IPs