Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Creating Blocklists for Sky ATP Email and Malware Management

Use the Modify Blacklist page to add email addresses, IP addresses, and URLs to the blocklist. A blocklist contains known untrusted IP addresses, URLs, and domains. Access to locations on the blocklist is blocked, and therefore no content can be downloaded from those sites.

Before You Begin

Procedure

To configure the blocklists:

  1. Select Configure>Threat Prevention> Feed Sources.

    The Feed Sources page appears.

  2. Under the Sky ATP tab, right-click the Sky ATP realm or from the More list, select Blacklist.

    The Modify Blacklist page appears.

  3. Click the + sign to add more entries to the blocklist.
  4. Complete the configuration by using the guidelines in Table 257.
  5. Click OK.

Table 257: Fields on the Modify Blacklist Page

Field

Description

Email List

Email Sender

The allowed email senders are listed here.

To add more email senders to the blocklist, click the + sign.

Enter the full address in the format name@domain.com or wildcard the name to permit all emails from a specific domain. For example, *@domain.com.

Malware List

IP and URL

Enter an IP address or a URL.

  • IP—Enter an IPV4 address in standard four octet format. CIDR notation and IP address ranges are also accepted. Any of the following formats are valid: 1.2.3.4, 1.2.3.4/30, or 1.2.3.4-1.2.3.6.

  • URL—Enter the URL using the following format: juniper.net. Wildcards and protocols are not valid entries. The system automatically adds a wildcard to the beginning and end of URLs. Therefore juniper.net also matches a.juniper.net, a.b.juniper.net, and a.juniper.net/abc. If you explicitly enter a.juniper.net, it matches b.a.juniper.net, but not c.juniper.net. You can enter a specific path. If you enter juniper.net/abc, it matches x.juniper.net/abc, but not x.juniper.net/123.

To edit an existing blocklist entry, select the blocklist that you want to edit and click the pencil icon.

Sky ATP periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your blocklist files.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit