Configuring Juniper Connected Security with ATP Cloud and Policy Enforcer (Without Guided Setup)

Step-by-Step Procedure

Create one or more ATP Cloud realms and enroll SRX Series devices in the appropriate realm. (Enroll devices by clicking Add Devices in the list view once the realm is created.)

To create ATP Cloud realms:

1. In the UI, navigate to Configure > Threat Prevention >ATP Cloud Realms.

2. Click the + icon to add a new ATP Cloud realm.

3. Complete the following configuration:

   1. Enter the location by selecting a region of the world from the available choices.

   2. Enter a username. Your username for ATP Cloud is your e-mail address.

   3. Enter a password. It should be a unique string at least 8 characters long, and include uppercase and lowercase letters, at least one number, and at least one special character.

   4. Enter a name for the security realm. The name can contain alphanumeric characters and the dash symbol, and should be a name that is meaningful to your organization.

   5. Click OK.

Step-by-Step Procedure

A Secure Fabric is a collection of sites which contain network devices (switches, routers, firewalls, and other security devices) used in policy enforcement groups.

1. In the UI, navigate to Devices > Secure Fabric.

2. Click the + icon to create a new site.

3. Enter the following details for the new site:

   1. Site name.

   2. Description (Optional).

4. Click OK.

5. Assign or reassign devices to a site.

   1. Click an existing device to edit it or click Add Enforcement Points.

   2. On the Add Enforcement Points page, select the check box beside a device in the Available list and click the > icon to move it to the Selected list.

   3. Click OK.

Step-by-Step Procedure

Create a policy enforcement group by adding endpoints under one common group name and later applying a threat prevention policy to that group.

To create a policy enforcement group:

1. In the UI, navigate to Configure > Shared Objects > Policy Enforcement Groups .

2. Click the + icon to create a new policy enforcement group.

3. Enter the following details:

   1. Name.

   2. Description (Optional).

   3. Select a group type from the available choices: IP address/subnet or location.

   4. Select the check box beside the IP address of the endpoint devices in the Available list and click the > icon to move them to the Selected list. The endpoints in the Selected list will be included in the policy enforcement group.

   5. If the endpoint you want does not appear in the list, add it as an Additional IP and click the Add button.

   6. Click OK.

Step-by-Step Procedure

Add the threat prevention policy, including profiles for one or more threat types: C&C server, infected host, malware.

1. In the UI, navigate to Configure > Threat Prevention > Policies.

2. Click the + icon to create a new threat prevention policy.

3. Enter the following details:

   1. Name.

   2. Description.

   3. Select the desired profile(s). Table 1 provides details of available profiles and respective actions.

      Table 1: Profiles Available for Threat Prevention Policy

      Profiles	Selecting Profile	Policy Action
      Command and Control Server	Select the check box to include management for this threat type in the policy.	Use the slider to change the action to be taken based on the threat score. Select one of the following actions: Drop connection silently (This is the default and recommended setting.) Close connection and do not send a message.
      Infected Host	Include infected host profile in policy.	Select one of the following actions: Drop connection silently (This is the default and recommended setting.) Quarantine—In the field provided, enter a VLAN to which quarantined files are sent. (Note that the fallback option is to block and drop the connection silently.)
      Malware (HTTP file download and SMTP File attachment)	Include malware profile in policy: HTTP file download SMTP File Attachment	Select one of the following actions: For HTTP file download: Drop connection silently and Close connection and do not send a message. For SMTP File Attachment: Quarantine, Deliver malicious messages with warning headers added, and Permit.

   4. Select a log setting (Policy setting for all profiles).

   5. Click OK.

4. Click OK.

Step-by-Step Procedure

Apply your threat prevention policies to policy enforcement groups. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong.

1. In the UI, navigate to Configure >Threat Prevention > Policies and find the appropriate policy.

2. In the Policy Enforcement Groups column, click the Assign to Groups link that appears here when there are no policy enforcement groups assigned, or click the group name that appears in this column to edit the existing list of assigned groups. You can also select the check box beside a policy and click the Assign to Groups button at the top of the page.

3. On the Assign to Policy Enforcement Groups page, select the check box beside a group in the Available list and click the > icon to move it to the Selected list. The groups in the Selected list will inherit the policy.

4. Click OK.

   The system performs a rule analysis, and prepares device configurations that include the threat prevention policies.

5. Once the analysis is complete, instruct the system to push the updated policy to the SRX devices by clicking Update button.

6. When the push is complete, the system returns to the Policies page.