Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Juniper Advanced Threat Prevention Cloud With Geolocation IP

 

To configure Juniper ATP Cloud with GeoIP, you first create the GeoIP DAE and specify the interested countries. Then, create a security firewall policy on the SRX Series device to reference the DAE and define whether to allow or block access.

To create the GeoIP DAE and security firewall policy:

  1. Create the DAE using the set security dynamic-address CLI command. Set the category to GeoIP and property to country (all lowercase). When specifying the countries, use the two-letter ISO 3166 country code in capital ASCII letters; for example, US or DE. For a complete list of country codes, see ISO 3166-1 alpha-2.

    In the following example, the DAE name is my-geoip and the interested countries are the United States (US) and Great Britain (GB).

  2. Use the show security dynamic-address CLI command to verify your settings. Your output should look similar to the following:
  3. Create the security firewall policy using the set security policies CLI command.

    In the following example, the policy is from the untrust to trust zone, the policy name is my-geoip-policy, the source address is my-geoip created in Step 1, and the action is to deny access from the countries listed in my-geoip.

  4. Use the show security policies CLI command to verify your settings. Your output should look similar to the following: