Configuring Cloud Feeds Only
This in an outline of the configuration tasks you must complete to configure Cloud feeds only threat prevention.
Since devices are not enrolled to ATP Cloud in Cloud feed only mode, there is no information to display under Monitor > Threat Prevention, and therefore those screens are unavailable.
Juniper ATP Cloud license and account are needed for the following (Juniper ATP Cloud with Juniper Connected Security, Juniper ATP Cloud, and Cloud feeds only). If you do not have a Juniper ATP Cloud license, contact your local sales office or Juniper Networks partner to place an order for a Juniper ATP Cloud premium license. If you do not have a Juniper ATP Cloud account, when you configure Juniper ATP Cloud, you are redirected to the Juniper ATP Cloud server to create one. Please obtain a license before you try to create a Juniper ATP Cloud account. Refer to Obtaining a Juniper ATP Cloud License for instructions on obtaining a Juniper ATP Cloud premium license.
Before you configure Cloud Feeds you must enter the IP address and login credentials for the policy enforcer virtual machine. Go to Administration > Policy Enforcer > Settings. Once this information is entered, you can begin the setup process. See Policy Enforcer Settings. (Refer to Deploying and Configuring the Policy Enforcer with OVA files for instructions on downloading Policy Enforcer and creating your policy enforcer virtual machine.)
To configure Security Director for Cloud feed only threat prevention, do the following:
Cloud feed only configuration is similar to ATP Cloud (without Juniper Connected Security) configuration. The only differences being that devices do not have to be enrolled to Juniper ATP Cloud and the only threat prevention types available are command and control server and Geo IP.
Create a tenant representing an Enterprise. When a tenant is created, a VRF is assigned to the tenant.
In the UI, navigate to Devices >Secure Fabric > Tenants. Click the + icon to create a new tenant.
See Create Secure Fabric Tenants for details.
Note:In Policy Enforcer Release 20.1R1, only MX series devices support LSYS and VRF. Also, only root-logical system is supported. All the sites of a realm are either with tenants or without tenants.
Create one or more Juniper ATP Cloud realms and add devices to the realm. (Note that devices do not have to be enrolled to Juniper ATP Cloud for Cloud Feed only mode.)
In the UI, navigate to Configure>Threat Prevention>ATP Cloud Realms. Click the + icon to add a new ATP Cloud realm.
See Creating Juniper ATP Cloud Realms and Enrolling Devices or Associating Sites for details.
Create sites and add devices to those sites.
In the UI, navigate to Devices >Secure Fabric. Click the + icon to create a new site.
See Creating Secure Fabric and Sites for details.
Create a policy enforcement group.
In the UI, navigate to Configure>Shared Objects>Policy Enforcement Groups. Click the + icon to create a new policy enforcement group.
See Creating Policy Enforcement Groups for details.
Create a threat prevention policy for Command and Control server, Geo IP, or Infected hosts.
In the UI, navigate to Configure>Threat Prevention >Policy. Click the + icon to create a new threat prevention policy.
See Creating Threat Prevention Policies for details.
Configure Geo IP settings for inclusion in a firewall policy. See Creating Geo IP Policies.
You must select your Geo IP policy as the source and/or destination of a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies.