Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation
keyboard_arrow_up
close
keyboard_arrow_left
Release Notes: Junos OS Release 22.1R1
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

Services Applications

date_range 14-Mar-22
  • Support for GeoIP filtering, global allowlist, and global blocklist with Juniper ATP Cloud (MX240, MX480, and MX960)—Starting in Junos OS Release 22.1R1, you can configure the Security Intelligence process (IPFD) on MX Series routers to fetch the GeoIP feeds from Juniper ATP Cloud. You can then use the feeds to prevent devices from communicating with IP addresses belonging to specific countries.

    You can define:

    • A profile to dynamically fetch GeoIP feeds. Include the geo-ip rule match country country-name statement at the [edit services web-filter profile profile-name security-intelligence-policy] hierarchy level.
    • A template to dynamically fetch GeoIP feeds. Include the geo-ip rule match group group-name statement at the [edit services web-filter profile profile-name url-filter-template template-name security-intelligence-policy] hierarchy level.

    You can configure a global allowlist by configuring the white-list (IP-address-list | file-name) statement at the edit services web-filter profile profile-name security-intelligence-policy hierarchy level. You can configure a global blocklist by configuring the black-list (IP-address-list | file-name) statement at the edit services web-filter profile profile-name security-intelligence-policy hierarchy level. Here, IP-address-list refers to the name of the list specified at the [edit services web-filter] hierarchy level. The file-name option refers to the name of the file where the list of the IP addresses to be allowed or blocked is specified. The file must be in the /var/db/url-filterd directory and must have the same name as in the configuration.

    [See Integration of Juniper ATP Cloud and Web filtering on MX Routers .]

footer-navigation