Creating Allowlist and Blocklists
Access this page from Configure > Threat Prevention > Sky ATP Malware Management and choose the Whitelist or Blacklist tab.
Decide on the type of location you intend to define: URL or IP.
Review current list entries to ensure the item you are adding does not already exist.
Review syntax requirements for entries inTable 1.
To configure allowlists and blocklists:
- From the Whitelist or Blacklist tab, click the + sign.
- Select a Sky ATP Realm.
- Click the + sign.
- Enter an IP address or a URL. Continue to click the + sign to add more entries. See Table 1 for syntax requirements.
- Click OK.
Table 1: Allowlist and Block Syntax
Enter an IPV4 address in standard four octet format. CIDR notation and IP address ranges are also accepted. Any of the following formats are valid: 220.127.116.11, 18.104.22.168/30, or 22.214.171.124-126.96.36.199.
Enter the URL using the following format: juniper.net. Wildcards and protocols are not valid entries. The system automatically adds a wildcard to the beginning and end of URLs. Therefore juniper.net also matches a.juniper.net, a.b.juniper.net, and a.juniper.net/abc. If you explicitly enter a.juniper.net, it matches b.a.juniper.net, but not c.juniper.net. You can enter a specific path. If you enter juniper.net/abc, it matches x.juniper.net/abc, but not x.juniper.net/123.
To edit an existing allowlist or blocklist entry, select the check box next to the entry you want to edit and click the pencil icon.
Sky ATP periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your allowlist or blocklist files.