Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


About the Feed Sources Page


To access this page, click Configure > Threat Prevention > Feed Sources.

Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources, such as Sky ATP, and from lists that you can customize by adding IP addresses, domains, and URLs.

You can add allowlist and blocklist in Sky ATP and as well as in Custom feeds. When you add an allowlist or blocklist in Custom feeds, a warning message shows that it will erase the existing allowlist or a blocklist in Sky ATP, if any. You can only have one source for allowlist, blocklist, and infected host feeds.

Tasks You Can Perform

You can perform the following tasks from the Sky ATP page:

You can perform the following tasks from the Custom Feeds page:

Field Descriptions

Table 1 provides guidelines on using the fields on the Feed Sources page.

Table 1: Fields on the Feed Sources Page





Name of the Sky ATP realm.


Name of the site associated to the realm.


Name of the perimeter firewall devices that are enrolled to Sky ATP.


Region of the Sky ATP realm.

Enrollment Status

Enrollment status of the realm.

Token Expiry

Expiry date and time of a token generated at the Sky ATP side when a realm is registered. The token will be valid for one year. Once the token expires, the status is flipped to Expired.

Thirty days prior to the expiry date, renew option is enabled to renew the token. Click Renew to renew the token. Enter the realm credentials in the renew window and if the realm credentials are valid, a new token is generated and assigned to the realm. The old and the expired token is deleted.

Note: The username (e-mail address) that you provide as realm credentials must exactly match with the username that is used while creating a realm in Juniper Sky ATP. To view the username in the Juniper Sky ATP user interface, go to Administration>Users.

The e-mail address used as a username is case sensitive. If there is a mismatch in the username, the validation of realm credentials fails and the token will not be renewed.

Feed Status

The consolidated status of all the feeds of a selected Sky ATP realm is shown here.

If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED. Hover over the field to see the individual status of each feed.

Last Downloaded

The date and time of the last time Policy Enforcer has requested the feeds from Sky ATP is shown here. Hover over the field to view a detailed list of date and time of each feed download.

Custom Feeds


Name of the custom feed.

Feed Type

Type of the custom feed. For example, dynamic address, allowlist, blocklist, infected hosts, or DDoS.

Last Updated

Date and time when the selected custom feed was last updated.

Days to Become Inactive

Number of days within which the custom feed is going to expire or become inactive.

Remote Download Status

View the status of downloading feeds from a remote file server to Policy Enforcer. This field is blank for the locally created custom feeds.

The following statuses are shown under different scenarios:

  • Pending—Status is shown as pending until Policy Enforcer downloads the new feeds from the remote file server.

  • Success—Status is shown as success when Policy Enforcer downloads the feeds successfully.

  • Failed—Status is shown as failed when downloading the feeds fails.


View the description of your custom feed.

In the Custom Feeds page, you can search for any particular custom feed by its name and type of the custom feed. Click the filter icon and the following fields can be searchable:

  • Name—Enter the name of the custom feed to be searched.

  • Feed Type—Select the feed type from the list.