Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Cloud Feeds for Juniper ATP Cloud

The cloud feed URL is set up automatically for you when your SRX Series Firewall is enrolled to the Juniper ATP Cloud. For more information, see Enroll an SRX Series Firewall Using the CLI and Enroll an SRX Series Firewall Using Juniper ATP Cloud Web Portal. There are no further steps you need to do to configure the cloud feed URL.

If you want to check the cloud feed URL on your SRX Series Firewall, run the show services security-intelligence URL CLI command. Your output should look similar to the following:

If you do not see a URL listed, run the ops script again as it configures other settings in addition to the cloud feed URL.

Once you configure your SRX Series Firewall, the cloud feeds are automatically sent from Juniper ATP Cloud to the device.

Table 1: Cloud Feed Regions

Region

URL

Source

United States

https://cloudfeeds.sky.junipersecurity.net

 Oregon, USA

European Union

https://cloudfeeds.sky.junipersecurity.net

 Oregon, USA

APAC

https://cloudfeeds-tokyo.sky.junipersecurity.net

 Tokyo, Japan

Canada

https://cloudfeeds-canada.sky.junipersecurity.net

 Montreal, Canada

SRX Series Update Intervals for Cloud Feeds

The following table provides the update intervals for each feed type. Note that when the SRX Series Firewall makes requests for new and updated feed content, if there is no new content, no updates are downloaded at that time.

Note:

Run the following commands only for troubleshooting purposes:

  • The request services security-intelligence uninstall command uninstalls the SecIntel service from the device.

  • The request services security-intelligence download command is used to manually initiate the download of the latest SecIntel updates before the next interval.
Table 2: Feed Update Intervals

Category

Feeds

SRX Series Firewall Update Intervals (in Seconds)

Command and Control (C&C)

Juniper Feeds

1,800

Integrated Feeds

86,400

Customer Feeds

60

GeoIP

geoip_country

86,400

Allowlist

 Juniper Feeds (whitelist_dns) 1,800
Juniper Feeds (whitelist_dns_umbrella) 86,400

Customer Feeds (domain, IP and Domain Name System (DNS))

1,800
Customer Feeds (reverse shell) 300

Blocklist

Customer Feeds (domain and IP)

1800

Infected Hosts

Infected Hosts

60
Suspicious Hosts Suspicious Hosts 60
DNS Juniper Feeds 1800
Customer Feeds 60

Dynamic Address Group (DAG)

Customer Feeds

1,800

Third party DAG Feeds. For example, Office 365

1,800