Creating Blocklists for Juniper ATP Cloud Email and Malware Management
Use the Modify Blocklist page to add email addresses, IP addresses, and URLs to the blocklist. A blocklist contains known untrusted IP addresses, URLs, and domains. Access to locations on the blocklist is blocked, and therefore no content can be downloaded from those sites.
Before You Begin
- Read the Juniper ATP Cloud Email Management Overview topic.
- Read the Juniper ATP Cloud Malware Management Overview topic.
- Compile a list of known malicious email addresses or domains to add to your blocklist. If an email matches the blocklist, it is considered to be malicious and is handled the same way as an email with a malicious attachment: it is blocked and a replacement email is sent. If an email matches the allowlist, that email is allowed through without any scanning.
It is worth noting that attackers can easily fake the “From” email address of an email, making blocklists a less effective way to stop malicious emails.
- Decide on the type of location you intend to define: URL or IP address.
- Review the current list of entries to ensure that the item you are adding does not already exist.
To configure the blocklists:
- Select Configure > Threat Prevention > Feed Sources.
The Feed Sources page appears.
- Under the ATP Cloud tab, right-click the ATP Cloud realm or, from the More list, select Blocklist.
The Modify Blocklist page appears.
- Click the + sign to add more entries to the blocklist.
- Complete the configuration by using the guidelines in Table 1.
- Click OK.
Table 1: Fields on the Modify Blocklist Page
Field | Description |
---|---|
Email List | |
Email Sender | The allowed email senders are listed here. To add more email senders to the blocklist, click the + sign. Enter the full address in the format name@domain.com or wildcard the name to permit all emails from a specific domain. For example, *@domain.com. |
Malware List | |
IP and URL | Enter an IP address or a URL. |
To edit an existing blocklist entry, select the blocklist that you want to edit and click the pencil icon.
Juniper ATP Cloud periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your blocklist files.
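A pre-check for the preparation steps under Before You Begin and the entry formats in Table 1, as an added example that is not part of Juniper's documentation or tooling: it classifies each candidate as an email sender, IP address, or URL, and sets aside entries that are malformed, already listed, or already covered by a `*@domain` wildcard. The function names, the normalization rules, and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sender formats described in Table 1: name@domain.com or *@domain.com.
SENDER_RE = re.compile(r"^(\*|[A-Za-z0-9._%+-]+)@((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})$")

def classify(entry):
    """Return (kind, normalized) for one candidate entry, or raise ValueError."""
    entry = entry.strip()
    m = SENDER_RE.match(entry)
    if m:
        # Assumption: sender matching is case-insensitive, so compare in lowercase.
        return "email", f"{m.group(1).lower()}@{m.group(2).lower()}"
    try:
        return "ip", str(ipaddress.ip_address(entry))
    except ValueError:
        pass
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    if parts.hostname and "." in parts.hostname and " " not in entry and "@" not in entry:
        # Assumption: scheme, host case and a trailing slash do not make a new entry.
        return "url", parts.hostname + parts.path.rstrip("/")
    raise ValueError(f"not an email sender, IP address or URL: {entry!r}")

def triage(candidates, existing):
    """Split candidates into (to_add, skipped); skipped holds (entry, reason)."""
    seen = {classify(e) for e in existing}
    to_add, skipped = [], []
    for raw in candidates:
        try:
            kind, norm = classify(raw)
        except ValueError as exc:
            skipped.append((raw, str(exc)))
            continue
        wildcard = "*@" + norm.split("@")[-1]
        if (kind, norm) in seen:
            skipped.append((raw, "already listed"))
        elif kind == "email" and ("email", wildcard) in seen:
            skipped.append((raw, "covered by " + wildcard))
        else:
            seen.add((kind, norm))
            to_add.append((kind, norm))
    return to_add, skipped

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges and .example domains).
    current = ["*@evil.example", "203.0.113.7"]
    new = ["Bob@Evil.Example", "phish@bad.example", "203.0.113.7", "not-an-address"]
    print(triage(new, current))
```

Because sender addresses can be forged, the email portion of the output is a hygiene check on the list itself, not a measure of how much malicious mail the list will stop.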