- play_arrow Junos Space Security Director
- play_arrow Dashboard
- play_arrow Overview
-
- play_arrow Monitor
- play_arrow Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Viewing Data for Selected Devices
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Downloading Packets Captured
- Showing Attack Details
- Using Filters
- play_arrow Events and Logs-Firewall
- play_arrow Events and Logs-Web Filtering
- play_arrow Events and Logs-VPN
- play_arrow Events and Logs-Content Filtering
- play_arrow Events and Logs-Antispam
- play_arrow Events and Logs-Antivirus
- play_arrow Events and Logs-IPS
- play_arrow Events and Logs-Screen
- play_arrow Events and Logs-ATP Cloud
- play_arrow Events and Logs-Apptrack
- play_arrow Threat Prevention-Hosts
- play_arrow Threat Prevention-C&C Servers
- play_arrow Threat Prevention-HTTP File Download
- play_arrow Threat Prevention-Email Quarantine and Scanning
- play_arrow Threat Prevention-IMAP Block
- play_arrow Threat Prevention-Manual Upload
- play_arrow Threat Prevention-Feed Status
- play_arrow Threat Prevention-All Hosts Status
- play_arrow Threat Prevention-DDoS Feeds Status
- play_arrow Applications
- play_arrow Live Threat Map
- play_arrow Threat Monitoring
- play_arrow Alerts and Alarms - Overview
- play_arrow Alerts and Alarms-Alerts
- play_arrow Alerts and Alarms-Alert Definitions
- play_arrow Alerts and Alarms-Alarms
- play_arrow VPN
- play_arrow Insights
- play_arrow Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- play_arrow Audit Logs
- play_arrow Packet Capture
- play_arrow NSX Inventory-Security Groups
- play_arrow vCenter Server Inventory-Virtual Machines
- play_arrow Data Plane Packet Capture
-
- play_arrow Devices
- play_arrow Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Add Devices to Juniper Security Director Cloud
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Performing Commit Check
- Logical Systems Overview
- Tenant Systems Overview
- Create a Logical System
- Create a Tenant System
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Link Aggregation for Security Devices
- Modifying the User Management Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Modifying the IPS Configuration for Security Devices
- Modifying the SSL Initiation Profile for Security Devices
- Modifying the ICAP Redirect Profile for Security Devices
- Configuring Aruba ClearPass for Security Devices
- Configuring APBR Tunables for Security Devices
- Modifying the Express Path Configuration for Security Devices
- Modifying the Device Information Source Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- play_arrow Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- play_arrow Secure Fabric
- play_arrow NSX Managers
- Understanding Juniper Connected Security for VMware NSX Integration
- Understanding Juniper Connected Security for VMware NSX-T Integration
- Before You Deploy vSRX in VMware NSX Environment
- Before You Deploy vSRX in VMware NSX-T Environment
- About the NSX Managers Page
- Download the SSH Key File
- Add the NSX Manager
- Registering Security Services
- Editing NSX Managers
- Viewing Service Definitions
- Deleting the NSX Manager
- Delete the NSX-T Manager
- Deploying the vSRX as an Advanced Security Service in a VMware NSX Environment
- Deploy the vSRX as an Advanced Security Service in a VMware NSX-T Environment
- play_arrow vCenter Servers
- play_arrow Licenses
-
- play_arrow Reports
- play_arrow Administration
- play_arrow My Profile
- play_arrow Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- play_arrow Users and Roles-Roles
- play_arrow Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Edit and Delete Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- play_arrow Users and Roles-Remote Profiles
- play_arrow Logging Management
- play_arrow Logging Management-Logging Nodes
- play_arrow Logging Management-Statistics & Troubleshooting
- play_arrow Logging Management-Logging Devices
- play_arrow Monitor Settings
- play_arrow Signature Database
- play_arrow License Management
- play_arrow Migrating Content from NSM to Security Director
- play_arrow Policy Sync Settings
- play_arrow Insights Management
- Add Insights Nodes
- About the Alerts Settings Page
- Create a New Alert Setting
- Configure System Settings
- About the Identity Settings Page
- Add JIMS Configuration
- Edit and Delete an Identity Setting
- Configure Mitigation Settings
- About the Threat Intelligence Page
- Configure Threat Intelligence Source
- Edit and Delete Threat Intelligence Source
- About the ServiceNow Configuration Page
- About the Backup & Restore Page
- Create a Backup File and Restore the Configuration
- Download and Delete a Backup File
-
Cisco ISE Configuration for Third-Party Plug-in
Policy Enforcer's Cisco ISE Connector communicates with the Cisco Identity Services Engine server using the Cisco ISE API. As part of threat remediation, Policy Enforcer's Connector uses enforcement profiles. This section provides information for configuring Cisco ISE so that Policy Enforcer can invoke the appropriate enforcement profiles.
As part of the configuration, on Cisco ISE you will create two enforcement profiles, one for quarantine and one for terminate. Then you will use them in the Cisco ISE enforcement policy. Once Cisco ISE is configured, you will configure a Cisco ISE Connector on Policy Enforcer.
On Cisco ISE you will configure the following:
Change policy modes
Create an API client
Configure network profiles
Add a custom attribute
Configure authorization profiles
Set an authorization policy
On Cisco ISE, the Simple Mode policy model is selected by default. For creating an API client, Policy Sets should be enabled.
Navigate to Administration > System > Settings > Policy Sets and Enable Policy Sets mode.
You are prompted to login again after changing the mode.
Figure 1: Cisco ISE: Enable Policy Sets Mode
Create an API Client:
- Create an Admin User and assign it to the following Admin
Groups: ERS Admin, MnT Admin.
Make note of the username and password. You will need them when you configure the connector portion in Policy Enforcer later on.
Figure 2: Cisco ISE: Create Admin User and Assign to Admin Groups
Enable the External RESTful Services API (ERS) for the Administration Node:
Navigate to Administration > System > Settings >ERS Settings and select Enable ERS for Read/Write.
Click Save.
Figure 3: Cisco ISE: Enable ERS
Configure network profiles:
Devices managed by ISE must support RADIUS CoA and have the proper network profiles assigned to handle the CoA commands sent by the ISE server:
Navigate to Administration > Network Resources > Network Device Profiles and verify the existing network device profile list.
If you are creating a new profile, proceed to the next step for information.
Figure 4: Cisco ISE: Network Device Profiles List
If you are configuring a new profile, you must minimally set the following:
Enable RADIUS and add a corresponding dictionary in the supported protocol list.
Figure 5: Cisco ISE: Network Device Profile, Enable RADIUS
Enable and configure the Change of Authorization (CoA) according to the figure below.
Figure 6: Cisco ISE: Configure Change of Authorization (CoA)
Configure the Disconnection and Re-authenticate operation with the proper RADIUS attributes and vendor specific VSA to handle the standard disconnect and reauthenticate operations. Below is the sample configuration for Juniper’s EX devices.
Figure 7: Sample Configuration for Juniper EX
Configure a custom attribute.
Navigate to Administration > Identity Management > Settings > Endpoint Custom Attribute and add attribute sdsnEpStatus with type string.
Figure 8: Cisco ISE: Add Attribute sdsnEpStatus
Verify the attribute under Policy > Policy Elements > Dictionaries > System > Endpoints.
Figure 9: Cisco ISE: Verify Attribute
Navigate to Policy > Policy Elements > Conditions > Authorization > Simple Conditions. Add there authorization simple conditions using the sdsnEpStatus attribute you created.
In the screen below,, there are three conditions created using sdsnEpStatus attribute. The condition names do not need to be the same as in the screen here, but the expressions must be matched. These conditions will be used in Policy Sets to handle the threat remediation for managed endpoints as described later in the Policy Sets setting section. Only the sdsnEpStatus-blocked and sdsnEpStatus-quarantine conditions will be used there. sdsnEpStatus-healthy is created for fulfillment purpose and can be ignored for now.
Figure 10: Cisco ISE: Configure Simple Conditions, Match Expression
Figure 11: Cisco ISE: Configure Simple Conditions, Match Expression
Configure permission/authorization profiles.
You can create the authorization profiles corresponding to “block” and “quarantine” actions as fits your needs. In the sample configuration provided here, the block action will result as total denial access to the network, and the quarantine profile will move the endpoint to another designated VLAN.
Navigate to From Policy > Policy Elements > Results > Authorization > Authorization Profiles.
Refer to the figures below for sample configurations.
Figure 12: Cisco ISE: Configure Authorization Profiles
Figure 13: Cisco ISE: Configure Authorization Profiles
Note:For blocking a host, the default ‘DenyAccess’ profile is used.
Set the authorization policy:
Create two rules as Local Exceptions, applying the conditions and authorization/permission profiles we created in the previous step. Names may be different, but these two rules must be at the top of the Exception list.
Refer to the figure below for a sample configuration.
Figure 14: Cisco ISE: Local Exception Rules, Example
Note:Find this under Policy > Policy Sets > Authorization Policy.
Proceed to Creating a Policy Enforcer Connector for Third-Party Switches to finish the configuration with Policy Enforcer.
