Implement Juniper SRX formatter #101

Merged: 6 commits, Sep 21, 2024


tony-butchart
Contributor

Add formatter for Juniper SRX series Firewalls which only support dynamic address lists with IP addresses (host or network) in CIDR notation. I've also updated the Docker readme to include documentation on how to use this formatter.

This can be utilised by any SRX firewall running Junos 18.4R1 or higher as per the following Junos CLI reference document:

https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/dynamic-address.html

I have validated this in a lab using my own SRX running Junos 22.3R3-S1.3

```
user@srx> show security dynamic-address summary

Dynamic-address session scan status            : Disable
Hold-interval for dynamic-address session scan : 10 seconds

  Server Name                 : crowdsec
    Hostname/IP               : http://192.168.1.2:41412
    Update interval           : 30
    Hold   interval           : 86400
    TLS Profile Name          : ---
    User        Name          : ---

    Feed Name                             : crowdsec
        Mapped dynamic address name       : crowdsec-blocklist
        URL                               : http://192.168.1.2:41412/security/blocklist.txt
        Feed update interval              : 30       Feed hold interval :86400
        Total update                      : 16310
        Total IPv4 entries                : 16240
```

Note that using this formatter successfully does require modifying the endpoint configuration value in cfg.yaml to include a .txt suffix for the SRX to correctly identify the format (SRX also supports multiple .txt address lists packed in the .gz archive format).
I've noted this in the documentation, but this does mean that there would be a limitation in that SRX devices wouldn't support Global RunTime Query Parameters in their current format.
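Added example, not code from this PR or the project: a sketch of turning decision values into the one-entry-per-line CIDR list described above. The function name `toCIDRLines`, the sample values, and the choice to write bare hosts as /32 or /128 are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// toCIDRLines (hypothetical helper) converts decision values, which may be
// bare IPs or networks, into canonical CIDR entries, one per output line.
// Assumption of this example: hosts are emitted as /32 (IPv4) or /128 (IPv6).
// Values that do not parse are skipped and returned so they can be logged.
func toCIDRLines(values []string) (lines []string, rejected []string) {
	seen := make(map[netip.Prefix]bool)
	for _, raw := range values {
		v := strings.TrimSpace(raw)
		var p netip.Prefix
		if strings.Contains(v, "/") {
			parsed, err := netip.ParsePrefix(v)
			if err != nil {
				rejected = append(rejected, raw)
				continue
			}
			p = parsed.Masked() // zero the host bits: 198.51.100.77/24 -> 198.51.100.0/24
		} else {
			addr, err := netip.ParseAddr(v)
			if err != nil {
				rejected = append(rejected, raw)
				continue
			}
			addr = addr.Unmap() // treat ::ffff:a.b.c.d as plain IPv4
			p = netip.PrefixFrom(addr, addr.BitLen())
		}
		if seen[p] {
			continue // drop duplicates so the feed stays compact
		}
		seen[p] = true
		lines = append(lines, p.String())
	}
	return lines, rejected
}

func main() {
	// Constructed sample values from documentation ranges, not data from the PR.
	in := []string{"192.0.2.10", "198.51.100.77/24", "2001:db8::1", "192.0.2.10", "not-an-ip"}
	lines, bad := toCIDRLines(in)
	fmt.Println(strings.Join(lines, "\n"))
	fmt.Println("rejected:", bad)
}
```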

@tony-butchart changed the title from "Implement Juniper SRX formater" to "Implement Juniper SRX formatter" on Jul 19, 2024
@LaurenceJJones
Contributor

Hey 👋🏻

Apologies, I missed this PR, thank you for opening this!

Seems pretty simple. I won't be able to test it on an actual system, but if you're happy and the documentation is quite sufficient on how users can implement it, then LGTM!

@LaurenceJJones LaurenceJJones merged commit 4e1fbfe into crowdsecurity:main Sep 21, 2024
4 checks passed