Using Guided Setup for Juniper ATP Cloud
Guided Setup is the most efficient way to complete your initial configuration. Locate Guided Setup from the Configuration > Guided Setup > Threat Prevention menu.
The Juniper ATP Cloud Configuration type you select on the Policy Enforcer Settings page determines the guided setup process. Guided setup provides all the configuration items you need for your chosen type. See Juniper ATP Cloud Configuration Type Overview for details on each configuration type.
Before you begin the guided setup process, you must enter the IP address and login credentials for the policy enforcer virtual machine on the Policy Enforcer Settings page. If you haven’t yet done that, go to Administration > Policy Enforcer > Settings and enter the necessary information. See Policy Enforcer Settings for more information.
A Juniper ATP Cloud license and account are needed for all Juniper ATP Cloud configuration types (Juniper ATP Cloud with Juniper Connected Security, Juniper ATP Cloud, and Cloud Feeds only). If you do not have a Juniper ATP Cloud license, contact your local sales office or Juniper Networks partner to place an order for a Juniper ATP Cloud premium or basic license. If you do not have a Juniper ATP Cloud account, you are redirected to the Juniper ATP Cloud server to create one when you configure Juniper ATP Cloud. Obtain a license before you try to create a Juniper ATP Cloud account. Refer to Obtaining a Juniper ATP Cloud License for instructions on obtaining a Juniper ATP Cloud license.
There are some concepts you should understand before you begin the configuration. Read Juniper ATP Cloud Overview for further information.
Click Start Setup from Configuration > Guided Setup > Threat Prevention to begin.
Add an ATP Cloud Realm—If you have not created a realm from within your Juniper ATP Cloud account, you can create it here by clicking the + sign. Once you add a realm, you can enroll SRX Series devices into the realm. A security realm is a group identifier for an organization used to restrict access to Web applications. You can create one or multiple realms. See Juniper ATP Cloud Realm Overview for information. A realm has the following configuration fields:
Username and Password—These are credentials you must provide, obtained through your Juniper ATP Cloud account.
Realm—This is the name of the realm you are creating.
Click Add devices to enroll them in threat prevention before proceeding to the next step. Devices designated as perimeter firewalls are automatically enrolled with Juniper ATP Cloud.
Create a Policy—You create a name for the policy, choose one or more profile types depending on the type of threat prevention this policy provides (C&C Server, Infected Host, Malware), and select a log setting.
Once configured, threat prevention policies are located under Configure > Threat Prevention > Policies. A policy has the following fields:
Name and Description.
Profiles—The type of threat this policy manages:
C&C Server (Command and Control Server)—A C&C server is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. A C&C profile provides information on C&C servers that have attempted to contact and compromise hosts on your network. Information such as IP address, threat level, and country of origin is gathered.
Infected Host—An infected host profile provides information on compromised hosts and their associated threat levels. Host information includes IP address, threat level, blocked status, when the threat was seen, command and control hits, and malware detections.
Malware—A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. The filename, file type, signature, date and time of download, download host, URL, and file verdict are gathered.
Logging—All traffic is logged by default. Use the pulldown to narrow the types of traffic to be logged.
Geo IP—Geo IP refers to the method of locating a computer terminal's geographic location by identifying that terminal's IP address. A Geo IP feed is an up-to-date mapping of IP addresses to geographical regions. By mapping IP addresses to the sources of attack traffic, geographic regions of origin can be determined, giving you the ability to filter traffic to and from specific locations in the world. For Geo IP, you configure the following:
Name and Description
Countries—Select the check box beside the countries in the Available list and click the > icon to move them to the Selected list. The countries in the Selected list will be included in the policy and action will be taken according to their threat level.
Block Traffic—Choose what traffic to block from the selected countries: Incoming traffic, Outgoing traffic, or Incoming and Outgoing traffic.
The last page is a summary of the items you have configured. Click OK to be taken to the Policies page under Configure > Threat Prevention, and your policy is listed there.
When you are using Juniper ATP Cloud without Policy Enforcer, you must assign the policy to a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies. In the Advanced Security column, click an existing item to access the Edit Advanced Security page and select the Threat Prevention Policy from the Threat Prevention pulldown list.
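The Geo IP step above combines a feed lookup with a direction choice. The following added example (a conceptual model, not Juniper code or the product's implementation) shows how the Countries and Block Traffic fields interact. It assumes that "incoming" is judged on the flow's source and "outgoing" on its destination; the feed rows, country codes, and function names are constructed for illustration.

```python
import ipaddress

# Constructed Geo IP feed: documentation prefixes mapped to placeholder country codes.
GEO_FEED = [
    ("192.0.2.0/24", "AA"),
    ("198.51.100.0/24", "BB"),
    ("198.51.100.128/25", "CC"),  # more specific entry overrides the /24
    ("2001:db8::/32", "AA"),
]
VALID_DIRECTIONS = {"incoming", "outgoing", "both"}


def build_feed(entries):
    """Parse feed rows into (network, country), most specific prefix first."""
    parsed = [(ipaddress.ip_network(cidr), cc) for cidr, cc in entries]
    return sorted(parsed, key=lambda row: row[0].prefixlen, reverse=True)


def country_of(ip, feed):
    """Return the country for ip by longest-prefix match, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, cc in feed:
        if addr.version == net.version and addr in net:
            return cc
    return None


def evaluate(src_ip, dst_ip, selected, direction, feed):
    """Decide 'block' or 'permit' for one flow (assumed semantics).

    incoming: block when the source maps to a selected country
    outgoing: block when the destination maps to a selected country
    both:     block when either end does
    """
    if direction not in VALID_DIRECTIONS:
        raise ValueError(f"unknown direction: {direction}")
    src_hit = country_of(src_ip, feed) in selected
    dst_hit = country_of(dst_ip, feed) in selected
    if direction in ("incoming", "both") and src_hit:
        return "block"
    if direction in ("outgoing", "both") and dst_hit:
        return "block"
    return "permit"
```

Selecting only Incoming traffic leaves connections initiated from inside the network toward a selected country untouched, which matters when the goal is to cut off outbound C&C traffic.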