Authentication and Access Control
-
Support for dynamic address groups (cSRX)—Starting in Junos OS Release 22.2R1, cSRX supports dynamic address groups (DAGs) or entries in a security policy.
In a Juniper Connected Security deployment, cSRX receives policy updates from external sources such as Policy Enforcer and SecIntel feeds. These external sources provide lists of IP addresses that satisfy either of these conditions:
- Have a specific purpose, such as a blocklist.
- Include a common attribute, such as a particular location or behavior that might pose a threat.
You use the external intelligence in the cloud to identify threat sources by their IP addresses. You can then group those addresses into a dynamic address entry or DAG.
Reference this dynamic address entry in a security policy to control the traffic to and from those addresses.
[See Dynamic Address Group Overview and Dynamic Address Groups in Security Policies.]