
Configuring the SRX Series Device to Block Outbound Requests to a C&C Host

 

The C&C feed lists devices that attempt to contact a C&C host. If an outbound request to a C&C host is attempted, the request is blocked and logged or just logged, depending on the configuration. Currently, you configure C&C through CLI commands and not through the Web interface.

To create the C&C profile, the C&C policy, and the firewall policy:

  1. Configure the C&C profile. In this example, the profile name is cc_profile, and threat levels 8 and above are blocked.
  2. Verify your profile is correct using the show services security-intelligence CLI command. Your output should look similar to this.
  3. Configure your C&C policy to point to the profile created in Step 1. In this example, the C&C policy name is cc_policy.
  4. Verify your policy is correct using the show services security-intelligence CLI command. Your output should look similar to this.
  5. Configure the firewall policy to include the C&C policy. This example sets the trust-to-untrust zone.
  6. Verify your command using the show security policies CLI command. It should look similar to this:
  7. Commit your changes.
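
The seven steps above as one configuration-mode session. This is an added example, not the command listing from the original page: the names cc_profile and cc_policy, the threat level of 8 and above, and the trust-to-untrust zone pair come from the steps, while the rule name CC_rule, the firewall policy name p2, and the match-any criteria are assumptions made for illustration.

```junos
# Step 1: C&C profile. Requests to hosts with threat level 8, 9 or 10 are
# dropped and logged; anything below that falls through to the default rule.
# CC_rule is a hypothetical rule name.
set services security-intelligence profile cc_profile category CC
set services security-intelligence profile cc_profile rule CC_rule match threat-level [ 8 9 10 ]
set services security-intelligence profile cc_profile rule CC_rule then action block drop
set services security-intelligence profile cc_profile rule CC_rule then log
set services security-intelligence profile cc_profile default-rule then action permit

# Step 2: review the profile before referencing it.
show services security-intelligence

# Step 3: C&C policy that points the CC category at the profile from Step 1.
set services security-intelligence policy cc_policy CC cc_profile

# Step 4: review the policy.
show services security-intelligence

# Step 5: attach the C&C policy to a trust-to-untrust firewall policy.
# p2 and the match-any criteria are hypothetical; use your own policy.
set security policies from-zone trust to-zone untrust policy p2 match source-address any
set security policies from-zone trust to-zone untrust policy p2 match destination-address any
set security policies from-zone trust to-zone untrust policy p2 match application any
set security policies from-zone trust to-zone untrust policy p2 then permit application-services security-intelligence-policy cc_policy

# Step 6: review the firewall policy.
show security policies

# Step 7: activate the configuration.
commit
```

For the "just logged" behavior mentioned above, keep the `then log` statement and set the rule action to permit instead of block drop.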