Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add SRX Series Firewalls to ATP Appliance Zones

Configure MSSP Multi-Tenancy Zones

Note:

These instructions pertain to ATP Appliance zones and the SRX Series Firewall. The full section for ATP Appliance Zone configuration can be found in the Operator’s Guide. Configuring MSSP Multi-Tenancy Zones.

You can now add SRX Series Firewalls to zones along with traffic collectors. All tenant collectors and SRX Series Firewalls are connected to the ATP Appliance Core cluster hosted at the MSSP multi-tenancy site. All management of incidents is performed by the MSSP; tenants do not have access to the Core cluster.

A configured zone identifies incidents and events per tenant. The MSSP defines a zone per tenant and groups all collectors and SRX Series Firewalls associated with a tenant to a tenant-specific Zone. ATP Appliance’s event correlation stages track all events per originating zone, and correlate events within the same zone. In this way, the multi-tenant MSSP manages incidents per zone/tenant and controls all zoned ATP Appliance Central Managers per tenant using the ATP Appliance Manager of Central Managers (MCM).

To configure MSSP Zones:

  1. From the ATP Appliance Appliance Central Manager Web UI, navigate to Config>System Profiles>Zones.

  2. Create the new MSSP Zone.

  • View Zone data from the ATP Appliance Appliance Central Manager Web UI Incidents page.

  • Generate Reports that include Zone analytics from the ATP Appliance Appliance Web UI Reports tab.

Figure 1: Zones ConfigurationZones Configuration

Add SRX Series Firewalls to Existing Zones

When an SRX Series Firewall enrolls to ATP ApplianceSRX , it is automatically added to a “default zone.” Use the following instructions to move an SRX Series Firewall to a different zone.

Note:

A zone must already exist in ATP Appliance before you can add an SRX Series Firewall to it.

To move an SRX Series Firewall to a different zone, do the following:

  1. At the ATP Appliance Appliance Central Manager Web UI, navigate to Config>System Profiles>SRX Settings.

  2. Select the SRX Series Firewall and click Edit.

  3. In the window that appears, select the Zone to which you want to add the SRX Series Firewall and click Submit.

    Figure 2: Move SRX Series Firewall to a different ATP Appliance Zone Move SRX Series Firewall to a different ATP Appliance Zone

Note the following:

  • From the SRX Settings>Config tab, you can view a column that displays the zone to which the SRX Series Firewall belongs.

  • From the Mitigation>Hosts tab, you can view a column in the list of infected hosts that displays the zone to which the SRX Series Firewall belongs.

  • Infected host feeds are sent to SRX Series Firewalls on a per zone basis.

  • View zone data from the ATP Appliance Appliance Central Manager Web UI Incidents page.

  • Generate reports that include zone analytics from the ATP Appliance Appliance Web UI Reports tab.

Figure 3: Enrolled SRX Series Firewalls with Zone AssignmentsEnrolled SRX Series Firewalls with Zone Assignments
Figure 4: Infected Hosts with Zone AssignmentsInfected Hosts with Zone Assignments