Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Help Center
Show Contents
Help CenterConfigureShared Objects-Geo IPManual Configuration-Sky ATP with SDSN
Contents  
ContentsHide
ContentsHide
DownloadPrint

Creating Geo IP Policies

You can create Geo IP policies from the Geo IP policies page.

Before You Begin

Procedure

To create a Geo IP policy:

  1. Select Configure>Shared Objects>Geo IP.
  2. Click the + icon.
  3. Complete the configuration by using the guidelines in Table 260 below.
  4. Click OK.

Table 308: Fields on the Geo IP Policy Page

Name

Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.

Description

Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.

Countries

Select the check box beside the countries in the Available list and click the > icon to move them to the Selected list. The countries in the Selected list will be included in the policy and action will be taken according to their threat level.

Block Traffic

Choose what traffic to block from the selected countries. Incoming traffic, Outgoing traffic, or Incoming and Outgoing traffic. (Policy Enforcer only)

Log Setting

Choose to log all traffic or only blocked traffic. (Policy Enforcer only)

Procedure

Once you have a Geo IP policy, you assign it to one more groups (Policy Enforcer only):

To assign a Geo IP policy to a group or groups:

  1. In the Group column, click the Assign to Groups link that appears here when there are no groups assigned or click the group name that appears in this column to edit the existing list of assigned groups.
  2. In the Assign to Groups page, select the check box beside a group in the Available list and click the > icon to move it to the Selected list. The groups in the Selected list will be assigned to the policy.
  3. Click OK.
  4. Once one or more groups have been assigned, a Ready to Update link appears in the Status column. You must update to apply your new or edited policy configuration. Clicking the Ready to Update link takes you the Threat Policy Analysis page. See Threat Policy Analysis Overview. From there you can view your changes and choose to Update now, Update later, or Save them in draft form without updating.
  5. If you are using Sky ATP without Policy Enforcer, you must select your Geo IP policy as the source and/or destination of a firewall rule. Navigate to Configure > Firewall Policy > Policies.

Related Documentation

Help us to improve. Rate this article.
     
Feedback Received. Thank You!
Previous
Geo IP Overview
Next
Configuring Sky ATP (No SDSN and No Guided Setup) Overview
Related Topics
Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

© 2018 Juniper Networks, Inc. All rights reserved

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit