Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Introduction
play_arrow Dashboard
- About the Dashboard
play_arrow Monitor
- play_arrow Alerts
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Tunnel Status
- play_arrow Service Locations
  - Service Locations Overview
- play_arrow Advanced Threat Prevention
- play_arrow Reports
  - Reports Overview
  - Managing Reports
- play_arrow Report Definitions
- play_arrow Generated Reports
  - Using Reports
- play_arrow ATP Report Definitions
- play_arrow ATP Generated Reports
  - ATP Generated Reports Overview
- play_arrow Secure Edge Reports
  - Secure Edge Reports Overview
play_arrow SRX Device Management
- play_arrow Devices
- play_arrow Device Groups
- play_arrow Preprovision Profiles
- play_arrow Configuration Templates
- play_arrow Images
- play_arrow Security Packages
play_arrow SRX Security Policy
- play_arrow SRX Security Policies
- play_arrow SRX Security Policy Rules
- play_arrow SRX Security Policy Versions
- play_arrow Device View
  - Devices with Security Policies Main Page Fields
play_arrow SRX Security Subsciptions
- play_arrow IPS Profiles
- play_arrow IPS Signatures
- play_arrow Content Security
  - Content Security Overview
  - Configure the Content Security Settings
- play_arrow Content Security Profiles
- play_arrow Web Filtering Profiles
- play_arrow Antivirus Profiles
- play_arrow Antispam Profiles
- play_arrow Content Filtering Profiles
- play_arrow Content Filtering Policies (New)
- play_arrow Decrypt Profiles
- play_arrow SecIntel
  - Security Intelligence Overview
- play_arrow SecIntel Profiles
- play_arrow SecIntel Profile Groups
- play_arrow Anti-Malware
- play_arrow Secure Web Proxy
- play_arrow Flow-Based Antivirus
- play_arrow ICAP Redirect Profile
- play_arrow Metadata Streaming Policy
- play_arrow DNS Filter
play_arrow SRX IPSec VPN
play_arrow SRX NAT
- play_arrow NAT Policies
- play_arrow NAT Pools
- Devices with NAT Policies
play_arrow SRX Identity
play_arrow Secure Edge Service Management
play_arrow Secure Edge Security Policy
play_arrow Secure Edge Security Subscriptions
play_arrow Secure Edge Service Administration
play_arrow Secure Edge Identity
play_arrow Secure Edge CASB and DLP
- About CASB and DLP
play_arrow Shared Services Firewall Policies
- play_arrow Rule Options
- play_arrow Redirect Profiles
play_arrow Shared Services Objects
- play_arrow Addresses
- play_arrow GeoIP
- play_arrow Services
- play_arrow Applications
- play_arrow Schedules
- play_arrow URL Patterns
- play_arrow URL Categories
- play_arrow SSL Initiation Profile
play_arrow Shared Services Advanced Threat Prevention
play_arrow Administration
- play_arrow Subscriptions
- play_arrow Users & Roles
- play_arrow Single Sign-On Configuration
- play_arrow Two-Factor Authentication
- play_arrow Audit Logs
  - Audit Logs Overview
  - Export Audit Logs
- play_arrow Service Updates
  - About the Service Updates Page
- play_arrow Jobs
- play_arrow Data Management
- play_arrow Log Streaming
- play_arrow URL Recategorization
  - URL Recategorization Overview
  - Request URL Recategorization
- play_arrow API Security
- play_arrow Organization
- play_arrow ATP Mapping
- play_arrow ATP Audit Logs
  - ATP Audit Logs Overview
  - Export Audit Logs
- play_arrow ATP Application Tokens

list Table of Contents

English

keyboard_arrow_right

Create Allowlists

date_range 18-Dec-24

arrow_backward

arrow_forward

Click Shared Services > Advanced Threat Prevention > Allowlists.

Click the required tab, click +, enter the required details, and click OK.

Setting	Guidelines
ANTI-MALWARE > IP	Enter a valid IPv4 or IPv6 IP address. For example, 1.2.3.4 or 0:0:0:0:0:FFFF:0102:0304. CIDR notation and IP address ranges are also accepted. For example, IPv4: 1.2.3.4, 1.2.3.4/30, or 1.2.3.4-1.2.3.6 and IPv6: 1111::1, 1111::1-1111::9, or 1111:1::0/64. For address ranges, no more than a block of /16 IPv4 addresses and /48 IPv6 addresses are accepted. For example, 10.0.0.0-10.0.255.255 is valid, but 10.0.0.0-10.1.0.0 is not. For bitmasks, the maximum amount of IP addresses covered by bitmask in a subnet record for IPv4 is 16 and for IPv6 is 48. For example, 10.0.0.0/15 and 1234::/47 are not valid.
ANTI-MALWARE > URL	Enter a URL in domainname.domainextension format, for example, juniper.net. Wildcards and protocols are not valid entries. The system automatically adds a wildcard to the beginning and end of URLs. Therefore juniper.net also matches a.juniper.net, a.b.juniper.net, and a.juniper.net/abc. If you explicitly enter a.juniper.net, it matches b.a.juniper.net, but not c.juniper.net. You can enter a specific path. If you enter juniper.net/abc, it matches x.juniper.net/abc, but not x.juniper.net/123.
ANTI-MALWARE > File Hash	You can upload several TXT files that will be automatically combined into one file named current list. List hashes in a TXT file with each entry on a single line. You can only have one running hash file containing up to 15,000 file hashes. You can add, edit, or delete a hash value. Click Download to download the TXT file if you want to view or edit the hashes. Click Select Hash File Items Upload Option > Replace current list to edit the current list and not delete it entirely. You can download the existing file, edit it, and then upload it again. Click Select Hash File Items Upload Option > Merge with current list to merge a new TXT file with the existing TXT file. The hashes in both files combine to form one TXT file with all hashes. Click Select Hash File Items Upload Option > Delete from current list to delete only a portion of the current list. Create a TXT file with only the hashes you want to remove from the current list and upload the file using this option. The hashes in the uploaded file are then deleted from the current list. Click Delete All or Delete Selected to delete all lists that have been added or the selected list respectively.
ANTI-MALWARE > Email Sender	Enter email address in the name@domainname.domainextension format. Wildcards and partial matches are not supported. To include an entire domain, enter the domain in domainname.domainextension format.
SECINTEL	Enter an IPv4 or IPv6 address, range, subnet. Enter domain in domainname.domainextension format. Wildcards are not supported. The IP or domain is sent to Juniper Secure Edge to be excluded from any security intelligence blocklists or C&C feeds (both Juniper’s global threat feed and third party feeds). It will also be listed under the C&C allowlist management page. Click Upload File to upload a list of servers as a TXT file with each IP or domain in a single line. The TXT file must include all IPs or all Domains, each in their own file. You can upload multiple files, one at a time. You can also manage the entries using the Threat Intelligence API. The entries are available in the Threat Intelligence API under “whitelist_domain” or “whitelist_ip” feed names. See Juniper ATP Cloud Threat Intelligence Open API Setup Guide. Warning: Adding a C&C server to the allowlist automatically triggers a remediation process to update any affected hosts (in that realm) that have contacted the whitelisted C&C server. All C&C events related to this allowlisted server will be removed from the affected hosts’ events, and a host threat level recalculation will occur. If the host score changes during this recalculation, a new host event appears describing why it was rescored. For example, “Host threat level updated after C&C server 1.2.3.4 was cleared." Additionally, the server will no longer appear in the list of C&C servers because it has been cleared.
ETI	Enter IP address or hostnames that can be excluded from encrypted traffic analysis.
DNS	Enter the domains in domainname.domainextension format that can be excluded from DNS filtering.
REVERSE SHELL	Enter IP address or domains that can be excluded from scans for reverse shell attacks.

arrow_backward PREVIOUS Allowlists Overview

NEXT arrow_forward Blocklists Overview

footer-navigation