Configuring Controller API
You must perform some initial configuration and setup activities through the Policy Enforcer UI before you begin using the Controller API.
Log into the Policy Enforcer UI and configure the threat prevention type. You can configure Policy Enforcer to run in the following modes based on the threat prevention type you select:
Cloud only or cloud feeds mode
ATP Cloud mode
ATP Cloud with Policy Enforcer mode
For more information on configuring threat prevention types, see Policy Enforcer Administration Guide.
Invoke the Config API with HTTP basic authentication using your Policy Enforcer server SSH user credentials, as shown in the following example:
POST <context>/api/v2/controller/configs Content-Type: application/json Authorization: Basic <base 64 encoded (<ssh username of Policy Enforcer>:<ssh password of Policy Enforcer>)> configs: {cloudOnly: false, purge_settings: {enable_purge: true, purge_history: 365}, version: "21.2R1-1227",…} cloudOnly: false customOnly: false "ems": {"url": "https://192.168.250.3", "username": "pe_user", "password": “pe-root-pass_pe", "SD_app_sub_version": null,"SD_app_version": "20.3","SD_release_type": "R1","certificateMode": false,"certfile_content": null,"keyfile_content": null} certfile: null certificateMode: false keyfile: null url: "https://10.204.253.148" username: "pe_user" purge_settings: {enable_purge: true, purge_history: 365} enable_purge: true purge_history: 365 sdsn: true sudoUser: "root" syslog: {} version: "21.2R1-1227"
Note:You must use only https for the ems URL.
Ensure that you are using the correct Policy Enforcer username and password that successfully authenticate Security Director. The password should have _pe as suffix.
The REST API username and password are the new credentials for the REST APIs.
Based on the mode you have selected in the Policy Enforcer UI, you can specify the configuration using the Config API as follows:
Default mode—You can configure Policy Enforcer in the Default mode as follows:
"configs": { "sdsn": true "cloudonly": false “customOnly”: true }
Cloud only or cloud feeds mode—You can configure Policy Enforcer in the cloud only or cloud feeds mode as follows:
"configs": { "sdsn": true "cloudonly": true “customOnly”: false }
ATP Cloud mode—You can configure Policy Enforcer in the Juniper ATP Cloud mode as follows:
"configs": { "sdsn": false "cloudonly": false “customOnly”: false }
ATP Cloud with Policy Enforcer mode—You can configure Policy Enforcer in the Juniper ATP Cloud with Policy Enforcer mode as follows:
"configs": { "sdsn": true "cloudonly": false “customOnly”: false }
Note:Ensure that the values of
sdsn
andcloudonly
reflect the mode you have selected in the Policy Enforcer UI.You can also use your REST API user credentials for HTTP basic authentication to make any Policy Enforcer REST API calls. To do so, you must first create your REST API username and password. You can use any value as the username and password, for example,
admin/admin
orabcd/wxyz
.