About the Threats Map (Live) Page
Use this page to visualize incoming and outgoing threats between geographic regions. You can view blocked and allowed threat events based on feeds from intrusion prevention systems (IPS), antivirus, and antispam engines, unsuccessful login attempts, and screen options. You can also click a specific geographical location to view the event count and the top five inbound and outbound IP addresses.
The threat data is displayed starting from 12:00 AM (midnight) up to the current time (in your time zone) on that day and is updated every 30 seconds. The current date and time is displayed at the top right and a legend is displayed at the bottom left of the page.
If a threat occurs when you are viewing the page, an animation shows the country from which the threat originated (source) and the country in which the threat occurred (destination).
For threats with unknown geographical IP addresses (private IP addresses), the animation shows the threat originating from the bottom center of the geographical map.
Tasks You Can Perform
You can perform the following tasks from this page:
- Toggle between updating the data and allowing live updates: Click the Pause icon to stop the page from updating the threat map data and to stop animations. Click the Play icon to update the page data and resume animations.
- Zoom in and out of the page: Click the zoom in (+) and zoom out (–) icons to zoom in and out of the page.
- Pan the page: Click and drag the mouse to pan the page.
- View country-specific details:
  - Click a country on the threat map to view threat information specific to that country. A Country-Name pop-up appears displaying country-specific information.
  - Click the View Details link in the Country-Name pop-up to view additional details. The Country-Name (Details) panel appears.

  For more information, see Table 1.

Field | Description | Displayed In |
---|---|---|
Number-of-threat-events Threat Events since 12:00 am | Displays the total number of threat events (inbound and outbound) since midnight for that country. Click the hyperlinked number to go to the All Events page, where you can view more information about the events. | Country-Name pop-up |
Inbound (Number-of-threat-events) | Displays the total number of inbound threats for the country and the IP address and the number of events for that IP address for the top five inbound events. | Country-Name pop-up |
Outbound (Number-of-threat-events) | Displays the total number of outbound threats for the country and the IP address and the number of events for that IP address for the top five outbound events. | Country-Name pop-up |
Number-of-threat-events Events since 12:00 am | Displays the total number of threat events (inbound and outbound) since midnight for that country. Click the hyperlinked number to go to the All Events page, where you can view more information about the events. | Country-Name (Details) panel |
Number-of Inbound Events | Displays the total number of inbound threats for the country and the number of inbound threat events for each of the following categories: Click the hyperlinked number for a category to go to the page for that category, where you can view more information about that category. For example, clicking the hyperlinked number for IPS threats takes you to the IPS Events page. Click the Top 5 IP Addresses (Inbound) to view the IP address and the number of events for that IP address for the top five inbound events. | Country-Name (Details) panel |
Number-of Outbound Events | Displays the total number of outbound threats for the country and the number of outbound threat events for each of the following categories: Click the hyperlinked number for a category to go to the page for that category, where you can view more information about that category. For example, clicking the hyperlinked number for screens takes you to the Screen Events page. Click the Top 5 IP Addresses (Outbound) to view the IP address and the number of events for that IP address for the top five outbound events. | Country-Name (Details) panel |
Field Descriptions
Table 2 describes the fields on the Threats Map (Live) page.
Field | Description |
---|---|
Total Threats Blocked & Allowed | Displays the total number of threats blocked and allowed. Click the hyperlinked number to go to the All Events page (filtered view of the Detail View tab), where you can view more information about the IPS, virus, spam, device authentication, and screen events. |
Threats Blocked & Allowed | Displays the total number of threats blocked and allowed by the following categories: Click the hyperlinked number for a category to go to the page for that category, where you can view more information about that category. For example, clicking the hyperlinked number for IPS threats takes you to the IPS Events page (filtered view of the Detail View tab). |
Top Target Devices | Displays the top five targeted devices and the number of threats per device. Click the hyperlink for a device to go to the All Events page (filtered view of the Detail View tab), where you can view more information about the IPS, virus, spam, device authentication, and screen events for that device. |
Top Destination Countries | Displays the top five destination countries and the number of threats per country. Click the hyperlink for a country to go to the All Events page (filtered view of the Detail View tab), where you can view more information about the IPS, virus, spam, device authentication, and screen events for that country. |
Top Source Countries | Displays the top five source countries and the number of threats per country. Click the hyperlink for a country to go to the All Events page (filtered view of the Detail View tab), where you can view more information about the IPS, virus, spam, device authentication, and screen events for that country. Note: For threats with unknown geographical IP addresses (private IP addresses), the country name is displayed as Undefined. So, when you click the hyperlinked threat count and go to the All Events page, the filter query uses Undefined as the source country. |
Threat Types
The Threats Map (Live) page displays blocked and allowed threat events based on feeds from IPS, antivirus, and antispam engines, unsuccessful login attempts, and screen options. Table 3 describes different types of threats blocked and allowed.
Attack | Description |
---|---|
IPS threat events | Intrusion detection and prevention (IDP) attacks detected by the IDP module. The information reported about the attack (displayed on the IPS Events page) includes information about: |
Virus events | Virus attacks detected by the antivirus engine. The information reported about the attack (displayed on the Antivirus Events page) includes information about: |
Spam events | E-mail spam that is detected based on the blocklist spam e-mails. The information reported about the attack (displayed on the Antispam Events page) includes information about: |
Device authentications | The firewall authentication messages generated due to unauthorized attempts to access the network. The reported information (displayed on the All Events page) contains the reason for authentication failure and the source of the request. |
Screen events | Events that are detected based on screen options. The information reported about the attack (displayed on the Screen Events page) includes information about: |