Juniper Advanced Threat Prevention Cloud Configuration Overview

Table 1 lists the basic steps to configure Juniper ATP Cloud.

Note:

These steps assume that you already have your SRX Series Firewall(s) installed, configured, and operational at your site.

Table 1: Configuring Juniper ATP Cloud

| Task | Description | For information, see |
|---|---|---|
| (optional) Update the administrator profile | Update your administrator profile to add more users with administrator privileges to your security realm and to set the thresholds for receiving alert emails. A default administrator profile is created when you register an account. This step is done in the Web UI. | Modify My Profile; Create and Edit User Profiles |
| Enroll your SRX Series Firewalls | Select the SRX Series Firewalls to communicate with Juniper ATP Cloud. Only those listed in the management interface can send files to the cloud for inspection and receive results. This step is done in the Web UI and on your SRX Series Firewall. | Enroll an SRX Series Firewall Using Juniper ATP Cloud Web Portal |
| Set misc configurations | Select Configure > Misc Configuration to set the default threshold and, optionally, the e-mail accounts to notify when certain thresholds are reached. For example, you can send e-mails to an IT department when thresholds of 5 are met and send e-mails to an escalation department when thresholds of 9 are met. | Web UI tooltips and online help |
| (optional) Create allowlists and blocklists | Create allowlists and blocklists to list network nodes that you trust and don't trust. Allowlisted websites are trusted websites; files downloaded from them do not need to be inspected. Blocklisted websites are locations from which downloads should be blocked. Files downloaded from websites that are in neither the allowlist nor the blocklist are sent to the cloud for inspection. This step is done in the Web UI. | Create Allowlists and Blocklists |
| (optional) Create the Juniper ATP Cloud profile | Juniper ATP Cloud profiles define which file types are to be sent to the cloud for inspection. For example, you may want to inspect executable files but not documents. If you don't create a profile, the default one is used. This step is done in the Web UI. | File Inspection Profiles Overview |
| (optional) Identify compromised hosts | Compromised hosts are systems where there is a high confidence that attackers have gained unauthorized access. Once a host is identified, Juniper ATP Cloud recommends an action and you can create security policies to take enforcement actions on the inbound and outbound traffic of these infected hosts. This step is done on the SRX Series Firewall. | Compromised Hosts: More Information |
| (optional) Block outbound requests to a C&C host | The SRX Series Firewall can intercept and perform an enforcement action when a host on your network tries to initiate contact with a possible C&C server on the Internet. This step is done on the SRX Series Firewall. Note: Requires a Juniper ATP Cloud license. For more information, see Software Licenses for ATP Cloud. | Command and Control Servers: More Information |
| Configure the Advanced Anti-Malware Policy on the SRX Series Firewall | Advanced anti-malware security policies reside on the SRX Series Firewall and determine under which conditions files are sent to the cloud and what to do when a file receives a verdict number above the configured threshold. This step is done on the SRX Series Firewall. | Juniper Advanced Threat Prevention Cloud Policy Overview |
| Configure the Security Intelligence Policy on the SRX Series Firewall | Create the security intelligence policies on the SRX Series Firewall to act on infected hosts and on attempts to connect with a C&C server. This step is done on the SRX Series Firewall. | Configure the SRX Series Firewall to Block Infected Hosts; Configure the SRX Series Firewall to Block Outbound Requests to a C&C Host |
| Enable the firewall policy | Create your SRX Series firewall policy to filter and log traffic in the network using the `set security policies from-zone <zone> to-zone <zone>` CLI commands. This step is done on the SRX Series Firewall. | Configure the SRX Series Firewall to Block Infected Hosts; Configure the SRX Series Firewall to Block Outbound Requests to a C&C Host; Example: Configure Juniper Advanced Threat Prevention Cloud Policy |

Example: Configure Juniper Advanced Threat Prevention Cloud Policy

You can optionally use APIs for C&C feeds, allowlist and blocklist operations, and file submission. See the Threat Intelligence Open API Setup Guide for more information.

Note:

The cloud sends data, such as your Juniper ATP Cloud allowlists, blocklists and profiles, to the SRX Series Firewall every few seconds. You do not need to manually push your data from the cloud to your SRX Series Firewall. Only new and updated information is sent; the cloud does not continually send all data.