Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Services Applications

  • Support for GeoIP filtering, global allowlist, and global blocklist with Juniper ATP Cloud (MX240, MX480, and MX960)—Starting in Junos OS Release 22.1R1, you can configure the Security Intelligence process (IPFD) on MX Series routers to fetch the GeoIP feeds from Juniper ATP Cloud. You can then use the feeds to prevent devices from communicating with IP addresses belonging to specific countries.

    You can define:

    • A profile to dynamically fetch GeoIP feeds. Include the geo-ip rule match country country-name statement at the [edit services web-filter profile profile-name security-intelligence-policy] hierarchy level.
    • A template to dynamically fetch GeoIP feeds. Include the geo-ip rule match group group-name statement at the [edit services web-filter profile profile-name url-filter-template template-name security-intelligence-policy] hierarchy level.

    You can configure a global allowlist by configuring the white-list (IP-address-list | file-name) statement at the edit services web-filter profile profile-name security-intelligence-policy hierarchy level. You can configure a global blocklist by configuring the black-list (IP-address-list | file-name) statement at the edit services web-filter profile profile-name security-intelligence-policy hierarchy level. Here, IP-address-list refers to the name of the list specified at the [edit services web-filter] hierarchy level. The file-name option refers to the name of the file where the list of the IP addresses to be allowed or blocked is specified. The file must be in the /var/db/url-filterd directory and must have the same name as in the configuration.

    [See Integration of Juniper ATP Cloud and Web filtering on MX Routers .]