Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Add and Manage DAG Filters

Access the Dynamic Address Group (DAG) Filter page from the Configure > Feeds Configuration > DAG Filter menu.

Use a DAG filter to add feeds for the AWS and Azure regions and services that you select. You can configure a maximum of 10 DAG filters for AWS and Azure.

If you do not configure any DAG filter, generic feeds from all AWS and Azure regions and services are displayed. You must configure at least one DAG filter to avoid seeing these generic feeds.

Benefits

You can filter and view the feeds from specific AWS or Azure regions and services relevant to you.

Add DAG Filters

  1. Select Configure > Feeds Configuration > DAG Filter.

    The DAG Filters page is displayed.

  2. Select either AWS or the Azure tab.

  3. Click the plus icon ().

    The Add <AWS or Azure> DAG Filter window is displayed.

  4. (Optional) In the Description field, enter a description for the DAG filter.

  5. Select a region from the Region drop-down list.

    When you select a region, the Service drop-down list is available for Azure DAG filter.

  6. Select a service from the Service drop-down list.

    When you select the region and service for AWS or Azure, the DAG filter name is automatically generated in the Name field. You cannot edit the DAG filter name.

    Note:

    The exact names for AWS and Azure regions and services are shown in the Name field for the DAG filter. This mapping is relevant only for the manifest file to ensure the DAG feed name is compatible with SRX Series Firewalls.

    Junos OS allows a maximum of 32 characters for the DAG filter name. If the feed name is longer than this limit, the cloud feeds manifest file will not display the feed name.

  7. Click OK.

    You can see the DAG feeds from the selected region and service in the DAG Filter page.

    Table 1: DAG Filters Fields
    Field Description
    Name

    Auto-generated feed name based on selected region and service.

    The name includes the selected region and service. For example, if the name of the feed is ap-northeast-2_ROUTE53_RESOLVER, ap-northeast-2 is the region, and ROUTE53_RESOLVER is the service you selected for the feed.
    Region Selected AWS or Azure region
    Feed Name

    Feed name displayed in the manifest.xml file.

    For example: ipfilter_aws_ap-northeast-2_RT53, ipfilter_azure_APAC_Azrrcnfrstrc
    Service Selected AWS or Azure service
    Last Changed Date and time of the most recent feed update
    Changed By Email of the user who updated the feed
    Description Description of the AWS or Azure feed

  8. Verify the feed name in the manifest.xml file. For example, if the feed name is ipfilter_aws_ap-northeast-2_RT53, it will appear as follows.

  9. Run the CLI command set security dynamic-address address-name amazonaws profile category IPFilter feed <feed-name-in-manifest-file> on SRX Series Firewalls to add AWS feeds,

  10. Run the CLI command set security dynamic-address address-name microsoftazure profile category IPFilter feed <feed-name-in-manifest-file> on SRX Series Firewalls to add Azure feeds.

  11. Run the CLI command show security dynamic-address category-name IPFilter feed-name <feed name in manifest file> on SRX Series Firewalls to view the added feeds.

Manage DAG Filter

  • Edit—Select the DAG filter, and then click the pencil icon ().

  • Delete—Select the DAG filter, and then click the trash can icon ().

Related Documentation