
Juniper Secure Edge Overview

Juniper Secure Edge provides full-stack Secure Services Edge (SSE) capabilities to protect web, SaaS, and on-premises applications and provide users with consistent and secure access that follows them wherever they go. When combined with Juniper’s AI-Driven SD-WAN, Juniper Secure Edge provides a best-in-suite SASE solution that helps you deliver seamless and secure end-user experiences, leverages your existing architecture, and grows with you as you expand your SASE footprint.

Juniper Secure Edge provides a user-friendly and security-focused GUI that allows an administrator to perform specific tasks. When you log in to Juniper Secure Edge, the main menu displayed on the left and the actions that you can perform depend on your access privileges. Table 1 lists the main menu items available in Juniper Secure Edge, a brief description of each menu item, and a link to the relevant topic in the Juniper Secure Edge User Guide.

Table 1: GUI Menu and Description
Menu Description

Dashboard

You can view information such as top events, top denials, top applications, top source and destination IP addresses, top traffic, and top infected hosts in graphical security widgets.

These security widgets offer users a customized view of network security and can be added, removed, and rearranged as per each user's preference. See About the Dashboard.

Monitor

You can view the following information from the Monitor menu:

  • Site Tunnel Status—View the status of the configured tunnels between sites and service locations. See About the Site Tunnel Status Page.
  • Service Locations—View the status of all the service locations, the users in a location, the bandwidth consumed by the users, and the available storage. See About the Service Locations Page.
  • ATP—Juniper Advanced Threat Prevention Cloud (ATP Cloud) is a cloud-based service that provides complete advanced anti-malware and anti-ransomware protection against “zero-day” and unknown threats. Monitor the status of compromised hosts, malicious threat sources, suspicious file downloads, Domain Name System (DNS) Domain Generation Algorithm (DGA) detections, tunnel detections, encrypted traffic insights, quarantined e-mails, blocked e-mails, and telemetry of blocked web and email files in ATP Cloud. See Hosts Overview.
  • ATP Report Definitions—Build custom threat assessment reports which meet your needs for viewing incidents during specific time-frames. See About the ATP Report Definition Page.

Secure Edge

You can manage the following services from the Secure Edge menu:

  • Service Management
    • Service Locations—Manage service locations for Juniper Secure Edge instances. Service locations are the connection (access) points for both on-premises and roaming users. See About the Service Locations Page.
    • Sites—Manage sites that are usually aligned with physical locations of customers, such as a branch or office. See About the Sites Page.
    • IPsec Profiles—Create IPsec profiles to define the parameters with which an IPsec tunnel is established when the Customer Premises Equipment (CPE) devices start communicating with your Juniper Secure Edge instance. See About the IPsec Profiles Page.
  • Security Policy—Manage the rules of Juniper Secure Edge policies which specify the actions to take for specific sets of traffic. You can filter and sort this information to get a better understanding of what to configure. See About the Secure Edge Policy Page.
  • Security Subscriptions
    • IPS—Manage IPS rules and exempt rules in IPS profiles that are deployed on a device. See IPS Policies Overview.
    • Web Filtering—Manage web filtering profiles which enable you to manage Internet usage by preventing access to inappropriate Web content over HTTP. See Web Filtering Profiles Overview.
    • Content Filtering—Manage content filtering policies that determine the file type based on the file content and not based on the file extensions. See Content Filtering Policies Overview.
    • SecIntel—Configure a SecIntel profile group to add SecIntel profiles, such as C&C, DNS, and infected hosts. Once created, you can assign this group to the security policy. See SecIntel Profiles Overview.
    • Anti-malware—Configure an anti-malware profile and associate it with security policies. Anti-malware profiles define the content to scan for malware and the action to take when malware is detected. See Anti-malware Profiles Overview.
    • DNS Security—Create a DNS security profile for Domain Generation Algorithm (DGA) detection and tunnel detection. See Create a DNS Security Profile.
    • ETI—Create an ETI profile that detects malicious threats hidden in encrypted traffic without intercepting and decrypting the traffic. See Create an Encrypted Traffic Insights Profile.
  • Service Administration
    • Certificate Management—Manage the device certificates to establish TLS or SSL sessions. See Certificate Management Overview.
    • PAC Files—Manage proxy auto configuration files which tell a web browser where to direct the traffic for a URL. See Proxy Auto Configuration Files Overview.
    • Explicit Proxy Profiles—Create an explicit proxy profile which tells Juniper Secure Edge the ports to listen on for client-side traffic and the traffic to decrypt or bypass. See Configure an Explicit Proxy Profile.
    • Decrypt Profiles—Manage decrypt profiles which allow you to define the types of traffic that should be exempted from decryption. See Decrypt Profiles Overview.
  • Identity

Shared Services

ATP—Configure various settings to protect against compromised hosts, malicious threat sources, suspicious file downloads, Domain Name System (DNS) Domain Generation Algorithm (DGA) detections, tunnel detections, encrypted traffic insights, quarantined e-mails, blocked e-mails, and telemetry of blocked web and email files in Juniper Advanced Threat Prevention Cloud (ATP Cloud). See File Inspection Profiles Overview.

Benefits of Juniper Secure Edge

  • Secure the Remote Workforce—Support the WFA workforce wherever users are located. Security policies follow the user wherever they go, whether they’re on or off the network.

  • Single-Policy Framework: Use the same policy framework as with the SRX Series Firewalls and apply security policies to remote users and branch sites. Create policies once and apply everywhere with unified policy management, including user- and application-based access, IPS, anti-malware and secure web access within a single policy framework.

  • Leverage Existing Investments—Moving to a cloud-based security architecture shouldn’t mean abandoning existing IT investments. Organizations can transition at their own pace without forcing administrators to toggle between separate management platforms for on-premises and cloud-delivered security. Juniper customers can use physical, virtual, and containerized SRX firewalls, and now cloud-delivered Secure Edge services, all managed by Security Director Cloud with a single-policy framework, allowing for full visibility and consistent security across both the edge and the data center from one UI.

  • Dynamic User Segmentation Based on Zero Trust Principles—Maintain the security of data around identity- and risk-driven policies. Juniper Secure Edge delivers a consistent security policy framework with policies that automatically adapt based on new risk and attack vectors and follow the user wherever they go, providing secure access to employees and third-party contractors through granular policy control, to further protect data by adhering to Zero Trust principles.

  • Security Assurance—Whether it’s a rule for a traditional firewall policy or a policy delivered as a service, rules must be placed in the proper order to be effective when needed. With Juniper Secure Edge, organizations can use Security Director Cloud’s automation, which flags duplicate and shadowed rules before they are committed. Rule hit counts are highlighted so administrators can quickly make changes, ensuring that policies are effective for the intended users at the intended time, and making it easy to clean up deprecated rules once the organization knows they are no longer in use. This takes a big chunk of the stress out of day-to-day operations.

  • Integrate with Any Identity Provider—Juniper Secure Edge is flexible and integrates with any identity service to define user-based policies and application usage based on individual users or user groups, through direct integration with Azure AD and Okta and SAML 2.0 support for all other identity services.

  • Proven Security Effectiveness—Validated protection from attacks that is more than 99% effective against client- and server-side exploits, malware and C2 traffic, regardless of where the users and applications are located, ensuring consistent security enforcement.

Create Your Juniper Secure Edge Organization

  1. Open the URL to the Juniper Security Director Cloud portal.
  2. In the portal, click Create an Organization Account.

    The Login Credentials page opens. Use this page to set the login credentials for your account.

  3. Enter the following details and click Next.
    • E-mail address—your preferred e-mail address.
    • Password—a password of your choice.

    The Contact Details page opens.

  4. Enter your full name, company name, country, and the phone number for your organization, and click Next.

    The Organization Account Details page opens.

  5. Type the name of your organization or the organization that will be using Juniper Security Director Cloud to manage devices.
  6. Read the terms and conditions of use, and if you agree, click Create Organization Account.

    You will receive an e-mail to verify your e-mail address and to send a request to the Juniper Security Director Cloud team to activate your organization account.

  7. Log in to your e-mail account, open the e-mail, and click Activate Organization Account to send a request to activate your organization account.
    Note:
    • You must verify your e-mail address and click the Activate Organization Account button within 24 hours after receiving the e-mail. Otherwise, your account details will be deleted from Juniper Security Director Cloud, and you will have to re-create your account and send the activation request.

    • After verifying your e-mail and sending the account activation request, you will receive an e-mail about your organization account activation status within 7 working days.

    If your account activation request is approved, you will receive an e-mail with login page information.

  8. Click Go to Login Page and enter your e-mail address and password to log in and start using the Juniper Security Director Cloud portal.