Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Whitelists and Blacklists

    Access this page from Configure > Threat Prevention > Sky ATP Malware Management and choose the Whitelist or Blacklist tab.

    • Decide on the type of location you intend to define: URL or IP.
    • Review current list entries to ensure the item you are adding does not already exist.
    • Review syntax requirements for entries inTable 1.

    To configure whitelists and blacklists:

    1. From the Whitelist or Blacklist tab, click the + sign.
    2. Select a Sky ATP Realm.
    3. Click the + sign.
    4. Enter an IP address or a URL. Continue to click the + sign to add more entries. See Table 1 for syntax requirements.
    5. Click OK.

    Table 1: Whitelist and Black Syntax

    Setting

    Guideline

    IP

    Enter an IPV4 address in standard four octet format. CIDR notation and IP address ranges are also accepted. Any of the following formats are valid: 1.2.3.4, 1.2.3.4/30, or 1.2.3.4-1.2.3.6.

    URL

    Enter the URL using the following format: juniper.net. Wildcards and protocols are not valid entries. The system automatically adds a wildcard to the beginning and end of URLs. Therefore juniper.net also matches a.juniper.net, a.b.juniper.net, and a.juniper.net/abc. If you explicitly enter a.juniper.net, it matches b.a.juniper.net, but not c.juniper.net. You can enter a specific path. If you enter juniper.net/abc, it matches x.juniper.net/abc, but not x.juniper.net/123.

    To edit an existing whitelist or blacklist entry, select the check box next to the entry you want to edit and click the pencil icon.

    Sky ATP periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your whitelist or blacklist files.

    Modified: 2017-08-08