Creating Juniper ATP Cloud Realms and Enrolling Devices or Associating Sites

You can select a geographical location and enter your Juniper ATP Cloud credentials to create a realm and associate sites or devices with the realm.

If you do not have a Juniper ATP Cloud account, select a geographical region and click here. You are redirected to the Juniper ATP Cloud account page.

Before You Begin

  • Note:
    • Policy Enforcer does not support the multi-factor authentication (MFA) feature in Cloud ATP. Disable the MFA feature in Cloud ATP before adding realms to Security Director.

    • You cannot use single sign-on (SSO) credentials to add the Juniper ATP realm to Security Director.

      Use the login credentials used to create the realm.

  • Understand which type of Juniper ATP Cloud license you have: free, basic, or premium. The license controls which Juniper ATP Cloud features are available.

  • To configure a Juniper ATP Cloud realm, you must already have a Juniper ATP Cloud account with an associated license.

  • Ensure that internet connectivity is available for Policy Enforcer. Without internet connectivity, you cannot create a realm.

  • Decide which region will be covered by the realm you are creating. You must select a region when you configure a realm.

  • Note that adding a device to a realm results in one or more commit operations occurring on the device to apply the Juniper ATP Cloud or Policy Enforcer configuration.

To configure an ATP Cloud realm:

  1. Select Configure>Threat Prevention>Feed Sources.

    The Feed Sources page appears.

  2. In the ATP Cloud tab, click the + icon to add a realm.
  3. Complete the initial configuration by using the guidelines in Table 1 below.
  4. Click Finish.

Table 1: Fields on the Add ATP Cloud Realm Page

Field

Description

ATP Cloud Realm Credentials

Location

Select a region of the world from the available choices.

The following options are available in the Location list:

  • North America

  • European Region

  • Canada

  • Asia Pacific

By default, the North America value appears in the list. To know more about the geographic region, see here.

Username

Enter your e-mail address. Your username for Juniper ATP Cloud is your e-mail address.

Password

Enter a unique string at least 8 characters long. Include both uppercase and lowercase letters, at least one number, and at least one special character (~!@#$%^&*()_-+={}[]|:;<>,./?); no spaces are allowed, and you cannot use the same sequence of characters that are in your username.

Realm

Enter a name for the security realm. This should be a name that is meaningful to your organization. A realm name can only contain alphanumeric characters and the dash symbol. Once created, this name cannot be changed.

Note:

When you create a custom feed with a realm, the feed is associated at the site level and not at the realm level. If you modify this realm and associate new sites with it, a warning message indicates that custom feeds are associated with this realm. Changing the site information will change the custom feed information. You must edit the custom feed that was associated with this realm and verify the realm association.

Site

Site

Select one or more sites to enroll into the realm. If there are no sites associated with the realm, click Create new site. To know more about creating a new site, see Creating Secure Fabric and Sites.

Note:
  • If you are using Juniper ATP Cloud without Policy Enforcer, you are not prompted to select a site.

  • Assigning a site to the realm will cause a change in the device configuration in the associated devices.

  • You must select the sites either with tenants or without tenants. You cannot select both at a time.

Unmanaged Devices

Lists all devices from the realm that are not managed in Security Director. You must manually discover them.

If you are using Juniper ATP Cloud with Policy Enforcer and you have no devices enrolled in the realm, you are asked to select devices in the box on the left and move them to the right to enroll them. All selected devices are automatically enrolled with Juniper ATP Cloud when you finish the guided setup. To disenroll a device, you can edit a realm and move the device back to the left side box.

Note:

Adding a device to a realm results in one or more commit operations occurring on the device to apply the Juniper ATP Cloud or Policy Enforcer configuration.

Global Configuration

IPv6 Feeds

Enable this option to receive IPv6 feeds (C&C and Geo IP) from Policy Enforcer.

Threat Level Threshold

Select a threshold level at which to block infected hosts and to send an e-mail to the selected administrators notifying them about infected host events.

Click the + sign if you want to add new administrators to the list.

Logging

Enable this option to log the Malware or the Host Status event or both the event types.

Proxy Servers

Click the add icon (+) to enter the trusted IPv4 address of the proxy server, in the Server IP column.

When there is a proxy server between users on the network and a firewall, the firewall might see the proxy server IP address as the source of an HTTP or HTTPS request, instead of the actual address of the user making the request.

With this in mind, X-Forwarded-For (XFF) is a standard header added by a proxy server that includes the real IP address of the client making the request. Therefore, if you add the IP addresses of trusted proxy servers to the list in Juniper ATP Cloud, Juniper ATP Cloud can determine the originating IP address by matching this list with the IP addresses in the HTTP header (X-Forwarded-For field) for requests sent from the SRX Series devices.

Note:

XFF only applies to HTTP or HTTPS traffic, and only if the proxy server supports the XFF header.
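The following added example (not Juniper code, and not a description of how Juniper ATP Cloud is implemented) illustrates the general trusted-proxy technique that the Proxy Servers field relies on: the X-Forwarded-For value is believed only when the request arrives from a listed proxy, and the chain is read from right to left until the first address that is not a trusted proxy. The function name, the right-to-left walk, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: trusted proxy IPv4 addresses, as they would be
# entered in the Server IP column (documentation address range).
TRUSTED_PROXIES = {
    ipaddress.ip_address("192.0.2.10"),
    ipaddress.ip_address("192.0.2.11"),
}


def originating_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address a request should be attributed to.

    peer_ip    -- source address seen on the connection by the firewall
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)

    # The header is only believed when the connection itself comes from a
    # trusted proxy; otherwise any client could supply a forged value.
    if peer not in trusted or not xff_header:
        return str(peer)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]

    # Each proxy appends the address it received the request from, so the
    # rightmost entries are the ones written by infrastructure we trust.
    candidate = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that was verified
        candidate = addr
        if addr not in trusted:
            break  # first non-proxy address is the originating client

    return str(candidate)
```

Entries to the left of the first untrusted address are client-supplied and are deliberately ignored, which is why the trusted list should contain only proxies you operate.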

Note:

If you enrolled a device into a realm from within Security Director and you want to disenroll it, you must do that from within Security Director. If you enrolled a device into a realm from within Juniper ATP Cloud and you want to disenroll it, you must do that from within Juniper ATP Cloud. You cannot disenroll a device from within Security Director that was enrolled from within Juniper ATP Cloud.