Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure SecIntel Feeds for MX Series Routers

Overview

SecIntel provides carefully curated, verified threat intelligence from Juniper ATP Cloud to MX Series routing platforms, blocking command-and-control communications to and from malicious IPs at unparalleled line rate​.

With SecIntel and MX Series router integration, you can:

  • Detect and block known malicious IPs, infected C&C hosts, and DDoS attacks​.
  • Sinkhole malicious DNS requests.​
  • Enable customer IP threat feeds.

Starting in Junos OS 19.3R1 and later releases, SecIntel feeds are supported on MX240, MX480, and MX960 routers with the use of Policy Enforcer.

Overview

Starting in Junos OS 22.1R1 and later releases, SecIntel feed on the MX devices include GeoIP filtering as well as direct enrollment option to Juniper ATP Cloud.

Direct Enrollment to Juniper ATP Cloud is supported on MX240, MX480, and MX960 routers.

Overview

For more information, see Juniper SecIntel on MX.

Benefits

With SecIntel and MX Series router integration, you can:

  • Shut down attacks before they start​.

  • Protect users, applications, and infrastructure from compromise—including subscribers.​

  • Turn connectivity layers into security layers without additional infrastructure.​

Usecase 1: Direct Enrollment to Juniper ATP Cloud

In earlier releases, MX Series routers downloaded SecIntel feeds through Junos Space Security Director/ Policy Enforcer. Starting in Junos OS Release 22.1R1, MX Series routers can download global SecIntel feeds directly from Cloud Feeds without enrolling to Juniper ATP Cloud.

In this usecase, we'll see how to enroll an MX Series router to Juniper ATP Cloud without connecting to Junos Space Security Director or Policy Enforcer.

Topology

Usecase 1: Direct Enrollment to Juniper ATP Cloud

Prerequisites

  • Juniper SecIntel for MX Series Universal Router license ( -S-MXxxx-CSECINTELx).

Workflow

  1. Get a SecIntel license from Juniper for your MX Series Universal Router. For MX Series Universal Router licenses, see Software Licenses for MX Series Routers and MPC Service Cards. You will need the Software Serial Number (SSRN).​

  2. Enroll the MX Series router to Juniper ATP Cloud.​

  3. Verify the feeds from Juniper ATP Cloud.​

  4. Implement filtering configuration to enforce the downloaded feeds.

Configurations required on MX Series router

  • Enrollment script​
  • Filter configuration

You can only configure US region cloudfeed endpoint. All the MX cloudfeed request are served only from US region CF.

Software Support Reference Number (SSRN) is a software serial number provided on the fulfillment document which ships electronically following the purchase of your Juniper software license.

If the license has already been installed for your software, the Software Support Reference Number (SSRN) may be obtained by running the show system license command. The SSRN is included as the first 12 numerical digits of the 'Software Serial Number' listed in JUNOS.

Some products will report their SSRN in the below format, which creates a unique identifier for each software instance purchased. In this scenario, remove the suffix letters, which will leave the actual numeric SSRN to be used for support entitlement purposes.

To receive feeds from Cloud feeds, first enroll the MX Series router with Juniper ATP Cloud. Sample command to enroll is:

To remove the SecIntel configuration from MX Series router, you must dis-enroll the device. Sample command to dis-enroll is:

The following global SecIntel feeds are available for MX series routers:

  • cc_ip_data
  • cc_ipv6_data
  • cc_ip_blocklist
  • geoip_country
  • geoip_country_ipv6

Benefits

  • No complex setup using Junos Space SD or PE.​
  • Simple configuration to enforce downloaded feeds.

Usecase 2: Enrollment to Juniper ATP Cloud Using Junos Space Security Director and Policy Enforcer.

In this usecase, we'll see how to enroll an MX Series router to Juniper ATP Cloud using Junos Space Security Director and Policy Enforcer.

Topology

Usecase 2: Enrollment to Juniper ATP Cloud Using Junos Space Security Director and Policy Enforcer.

Workflow

  • Configuration of Junos Space Security Director and Policy Enforcer.
  • Discovery of MX Series router in Junos Space added as a device in Threat Protection Fabric (This is enrollment process for MX Series router to Policy Enforcer).
  • License requirements (Reach out to Juniper Sales / Account Team).

Configuration required on MX Series router and SD/PE

  • Custom feed configuration in SD.
  • Understanding how feeds are applied on MX Series router.
  • Filter configuration on MX Series router.

Benefits

  • Feeds can be customized for each customer’s serviced by a VRF on the service providers router.
  • All threat mitigation are processed at line rate improving performance.

Usecase 3: Identify and Block Command-and-Control Traffic on MX Series Router​

In this usecase, we'll see how to block C&C traffic at the network edge in a connected security setup. Here, the client is trying to reach a C&C server and the MX router is used to block the traffic.

Topology

Usecase 3: Identify and Block Command-and-Control Traffic on MX Series Router​

Configurations required on MX Series router and SD/PE

  • Juniper ATP Cloud C&C feed and Security Director with Policy Enforcer​.

  • Juniper MX Series router​.

Workflow

  1. Policy Enforcer downloads C&C feed from Juniper ATP Cloud​.

  2. Juniper MX Series router downloads C&C feed from Policy Enforcer​.

  3. Juniper MX Series router adds IP data to Ephemeral DB filter​.

  4. Juniper MX Series router drops traffic to/from C&C servers listed in C&C feed, protecting against Botnets & Malware​.

  5. Juniper MX Series router offloads C&C protection from firewalls that are under load or cannot support C&C feeds.

For configuration details, see SecIntel on MX Demo.