- play_arrow Junos Space Security Director
- play_arrow Dashboard
- play_arrow Overview
-
- play_arrow Monitor
- play_arrow Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Viewing Data for Selected Devices
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Downloading Packets Captured
- Showing Attack Details
- Using Filters
- play_arrow Events and Logs-Firewall
- play_arrow Events and Logs-Web Filtering
- play_arrow Events and Logs-VPN
- play_arrow Events and Logs-Content Filtering
- play_arrow Events and Logs-Antispam
- play_arrow Events and Logs-Antivirus
- play_arrow Events and Logs-IPS
- play_arrow Events and Logs-Screen
- play_arrow Events and Logs-ATP Cloud
- play_arrow Events and Logs-Apptrack
- play_arrow Threat Prevention-Hosts
- play_arrow Threat Prevention-C&C Servers
- play_arrow Threat Prevention-HTTP File Download
- play_arrow Threat Prevention-Email Quarantine and Scanning
- play_arrow Threat Prevention-IMAP Block
- play_arrow Threat Prevention-Manual Upload
- play_arrow Threat Prevention-Feed Status
- play_arrow Threat Prevention-All Hosts Status
- play_arrow Threat Prevention-DDoS Feeds Status
- play_arrow Applications
- play_arrow Live Threat Map
- play_arrow Threat Monitoring
- play_arrow Alerts and Alarms - Overview
- play_arrow Alerts and Alarms-Alerts
- play_arrow Alerts and Alarms-Alert Definitions
- play_arrow Alerts and Alarms-Alarms
- play_arrow VPN
- play_arrow Insights
- play_arrow Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- play_arrow Audit Logs
- play_arrow Packet Capture
- play_arrow NSX Inventory-Security Groups
- play_arrow vCenter Server Inventory-Virtual Machines
- play_arrow Data Plane Packet Capture
-
- play_arrow Devices
- play_arrow Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Add Devices to Juniper Security Director Cloud
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Performing Commit Check
- Logical Systems Overview
- Tenant Systems Overview
- Create a Logical System
- Create a Tenant System
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Link Aggregation for Security Devices
- Modifying the User Management Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Modifying the IPS Configuration for Security Devices
- Modifying the SSL Initiation Profile for Security Devices
- Modifying the ICAP Redirect Profile for Security Devices
- Configuring Aruba ClearPass for Security Devices
- Configuring APBR Tunables for Security Devices
- Modifying the Express Path Configuration for Security Devices
- Modifying the Device Information Source Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- play_arrow Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- play_arrow Secure Fabric
- play_arrow NSX Managers
- Understanding Juniper Connected Security for VMware NSX Integration
- Understanding Juniper Connected Security for VMware NSX-T Integration
- Before You Deploy vSRX in VMware NSX Environment
- Before You Deploy vSRX in VMware NSX-T Environment
- About the NSX Managers Page
- Download the SSH Key File
- Add the NSX Manager
- Registering Security Services
- Editing NSX Managers
- Viewing Service Definitions
- Deleting the NSX Manager
- Delete the NSX-T Manager
- Deploying the vSRX as an Advanced Security Service in a VMware NSX Environment
- Deploy the vSRX as an Advanced Security Service in a VMware NSX-T Environment
- play_arrow vCenter Servers
- play_arrow Licenses
-
- play_arrow Reports
- play_arrow Administration
- play_arrow My Profile
- play_arrow Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- play_arrow Users and Roles-Roles
- play_arrow Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Edit and Delete Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- play_arrow Users and Roles-Remote Profiles
- play_arrow Logging Management
- play_arrow Logging Management-Logging Nodes
- play_arrow Logging Management-Statistics & Troubleshooting
- play_arrow Logging Management-Logging Devices
- play_arrow Monitor Settings
- play_arrow Signature Database
- play_arrow License Management
- play_arrow Migrating Content from NSM to Security Director
- play_arrow Policy Sync Settings
- play_arrow Insights Management
- Add Insights Nodes
- About the Alerts Settings Page
- Create a New Alert Setting
- Configure System Settings
- About the Identity Settings Page
- Add JIMS Configuration
- Edit and Delete an Identity Setting
- Configure Mitigation Settings
- About the Threat Intelligence Page
- Configure Threat Intelligence Source
- Edit and Delete Threat Intelligence Source
- About the ServiceNow Configuration Page
- About the Backup & Restore Page
- Create a Backup File and Restore the Configuration
- Download and Delete a Backup File
-
Using Guided Setup for Juniper ATP Cloud with Juniper Connected Security
Guided Setup is the most efficient way to complete your Juniper ATP Cloud with Juniper Security configuration. To locate Guided Setup, navigate to Configure > Guided Setup > Threat Prevention in the Junos Space Security Director Portal.
Before You Begin
The ATP Cloud Configuration type you select on the Policy Enforcer Settings page determines the guided setup process. Guided setup provides all the configuration items you need for your chosen type. See Juniper ATP Cloud Configuration Type Overview for details on each configuration type.
Before you begin the guided setup process, you must enter the IP address and login credentials for the policy enforcer virtual machine on the Policy Enforcer Settings page. If you haven’t yet done that, go to Administration > Policy Enforcer > Settings and enter the necessary information. See Policy Enforcer Settings for more information.
Ensure that all the devices that you want to set up threat prevention for are already discovered and available on Junos Space. See Overview of Device Discovery in Security Director.
Ensure that you install the proper Schema that is suitable with the OS Version of the device.
Ensure that device version should not be less than 15.x.
Juniper ATP Cloud license and account are needed for all Juniper ATP Cloud Configuration Types. (Juniper ATP Cloud with Juniper Connected Security, Juniper ATP Cloud, and Cloud Feeds only). If you do not have a Juniper ATP Cloud license, contact your local sales office or Juniper Networks partner to place an order for a Juniper ATP Cloud premium or basic license. If you do not have a Juniper ATP Cloud account, when you configure Juniper ATP Cloud, you are redirected to the Juniper ATP Cloud server to create one. Please obtain a license before you try to create a Juniper ATP Cloud account. Refer to Obtaining a Juniper ATP Cloud License for instructions on obtaining a Juniper ATP Cloud license.
There are some concepts you should understand before you begin the configuration. We recommend that you read about them here in advance. Policy Enforcer Configuration Concepts.
This video provides a complete overview of how you can set up use Policy Enforcer threat prevention to block malicious servers and domains. You can refer to the procedure below for more elaborate instructions.
Video 1: Using Guided Setup for Set Up Threat Prevention
The Guided Setup process offers the following steps for configuring Juniper ATP Cloud with Juniper Connected Security threat prevention.
Navigate to the Guided Setup page from the Configuration > Guided Setup > Threat Prevention menu.
The Threat Prevention Policy Setup page appears as shown in Figure 1.
Figure 1: Threat Presentation Guided Setup
Click Start Setup to begin the guided setup.
The guided setup takes you through the various configuration, the first being Tenants, as shown in Figure 2.
- Note:
This step is not applicable for SRX Series devices. Tenants are only applicable for MX Series devices.
Create a tenant representing an enterprise by clicking + on the top-right corner of the page. The Create Tenant page appears.
Use the instructions provided in section Create Secure Fabric Tenants to create a tenant.
Note:When a tenant is created, a VRF instance is assigned to the tenant. When a site is associated with this tenant, only those devices that have the VRF instance associated with the tenant can be added to the site.
Click OK to move on to the next step.
The Secure Fabric page appears.
Note:In Policy Enforcer Release 20.1R1, only MX series devices support LSYS and VRF. Also, only root-logical system is supported. All the sites of a realm are either with tenants or without tenants.
Figure 2: Threat Prevention Configuration
A Secure Fabric is a collection of network devices (switches, routers, firewalls, and other security devices), used by users or user groups, to which policies for aggregated threat prevention are applied. Create a Secure Fabric by clicking + on the top-right corner of the page. The Create Site page appears.
Use the instructions provided in section Creating Secure Fabric and Sites to create a site.
After you create a site, you must add the devices for which you want to apply a common security policy, to the site. To do so, click Add Enforcement Points in the Enforcement Points column of a device or, alternately select a device and click Add Enforcement Points on the top-right corner of the page. Use the instructions provided in section Adding Enforcement Points to add endpoints to the site.
Note:A device can belong to only one site and you must remove it from any other site where it is used.
Firewall devices are automatically enrolled with ATP Cloud as part of this step. No manual enrollment is required.
You can find the newly created Secure Fabric on the Devices page.
Click OK to move on to the next step.
The Policy Enforcement Group page appears.
A policy enforcement group is a grouping of endpoints ready to receive advance threat prevention policies. Create a policy enforcement group by clicking + on the top-right corner of the page. The Policy Enforcement Group page appears.
Use the instructions provided in section Creating Policy Enforcement Groups to create a policy enforcement group.
You can find the newly created policy enforcement group on the Configure > Shared Objects page.
Click OK to move on to the next step.
The ATP Cloud Realm page appears.
A security realm is a group identifier for an organization used to restrict access to Web applications. You can create one or multiple realms. If you have not created a realm from within your ATP Cloud account, you can create and register it here by clicking the + sign on the top-right corner of the page.
Use the instructions provided in section Creating Juniper ATP Cloud Realms and Enrolling Devices or Associating Sites to create and register a realm, and then enroll SRX Series devices into the realm.
If a realm is already created with a site assigned, all devices in a site are listed under the Devices in Site(s) column that includes EX Series, SRX Series, all enforcement points, and devices that are originally from a realm. Devices that are marked as perimeter firewall devices are listed under the Perimeter Firewall column.
Click OK to move on to the next step.
The Threat Prevention Policy page appears.
Create a threat prevention policy by clicking + on the top-right corner of the page. The Create Threat Prevention Policy page appears.
Use the instructions provided in section Creating Threat Prevention Policies to create a threat prevention policy.
The newly created threat prevention policy is available on page Configure > Threat Prevention > Policies.
Click OK to move on to the next step.
The Geo IP page appears.
(Optional) Geo IP refers to the method of locating a computer terminal's geographic location by identifying that terminal's IP address. A Geo IP feed is an up-to-date mapping of IP addresses to geographical regions. By mapping IP address to the sources of attack traffic, the geographic regions of origin can be determined, giving you the ability to filter traffic to and from specific locations in the world. Create a Geo IP by clicking + on the top-right corner of the page. The Create Geo IP page appears as shown in Figure 3.
Use the instructions provided in section Creating Geo IP Policies to create a Geo IP.
Click Finish to move on to the Summary page.
The Geo IP page appears.
Figure 3: Create Geo IP
The last page is a summary of the parameters you have configured using quick setup. Click OK to create the threat prevention policy. The Policies page appears with the newly created policy listed.
You must apply your new or edited policy configuration to Policy Enforcer in order for the policy configuration to go live. In order to do that, click the Ready to Update link in the Status column. The Threat Policy Analysis page appears.
Use the Threat Policy Analysis page to view your pending policy changes in chronological order. Click the View Analysis link to view the changes.
In the Action section, you can choose to: Update now to , Update later, or Save the changes without updating.
Update now—Apply the policy configuration immediately.
Update later—Apply the policy configuration at a scheduled date and time of your choice.
Save the changes without updating—Save the policy changes without applying them to Policy Enforcer.
