Juniper JN0-636 Exam With Confidence Using Practice Dumps

The suspicious_Endpoints feed is a dynamic address group that is created by Juniper ATP Cloud based on the IoT device discovery and policy enforcement feature. This feature allows the SRX Series device to send IoT traffic to Juniper ATP Cloud for analysis and classification. Juniper ATP Cloud then creates a threat feed that contains the IP addresses of the suspicious IoT devices and sends it back to the SRX Series device. The SRX Series device can then use this feed to create and enforce security policies for the IoT traffic. The suspicious_Endpoints feed is usable by any SRX Series device that is a part of the same realm as SRX-1, because the feed is shared among the devices that belong to the same Juniper ATP Cloud realm. Juniper ATP Cloud automatically creates the suspicious_Endpoints feed after you commit the security policy that references the feed, because the feed is dynamically generated based on the IoT traffic analysis. You do not need to manually create the feed in the Juniper ATP Cloud interface. References:

• Example- Configure IoT Device Discovery and Policy Enforcement
• Juniper Advanced Threat Prevention Cloud Policy Overview

The exhibit shows the configuration of filter-based forwarding on an SRX Series device. Filter-based forwarding is a feature that allows the device to use firewall filters to direct traffic to different routing instances based on the match criteria. In this scenario, the device has two routing instances - ISP-1 and ISP-2 - and two firewall filters - FBF and FBF-ISP-1. The FBF filter is applied to the ge-0/0/1 interface as an input filter. The FBF filter has one term that matches the traffic from the 172.25.0.0/24 network and directs it to the ISP-1 routing instance. The ISP-1 routing instance has a static route to the next hop 172.20.0.2. The FBF-ISP-1 filter is applied to the ge-0/0/0 interface as an output filter. The FBF-ISP-1 filter has one term that matches the traffic to the 172.20.0.2 next hop and sets the forwarding class to expedited-forwarding.

The problem in this scenario is that the traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor. This is because the FBF filter does not have a term that accepts the traffic from the 172.25.1.0/24 network. The FBF filter only has one term that matches the traffic from the 172.25.0.0/24 network and directs it to the ISP-1 routing instance. The traffic from the 172.25.1.0/24 network does not match this term and is therefore discarded by the implicit deny action at the end of the filter. The traffic from the 172.25.1.0/24 network should be forwarded to the ISP-2 routing instance, which has a static default route to the next hop 172.21.0.2.

To solve this problem, you must add another term to the FBF filter to accept the traffic from the 172.25.1.0/24 network. This term should have the action accept, which means that the traffic will be forwarded according to the routing table of the master routing instance. The master routing instance has a static default route to the ISP-2 routing instance, which in turn has a static default route to the next hop 172.21.0.2. By adding this term, the traffic from the 172.25.1.0/24 network will be forwarded to the upstream 172.21.0.2 neighbor as expected.

The configuration of the new term in the FBF filter could look something like this:

[edit firewall family inet filter FBF] term 2 { from { source-address { 172.25.1.0/24; } } then { accept; } }

References: Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents: