- play_arrow Introduction
- play_arrow Dashboard
- play_arrow Monitor
- play_arrow Alerts
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Tunnel Status
- play_arrow Service Locations
- play_arrow Advanced Threat Prevention
- Hosts Overview
- Host Details
- Threat Sources Overview
- Threat Source Details
- Reverse Shell Overview
- Add IP Address to Allowlist
- HTTP File Download Overview
- HTTP File Download Details
- Signature Details
- Manual Scanning Overview
- SMB File Download Overview
- SMB File Download Details
- Email Attachments Scanning Overview
- Email Attachments Scanning Details
- DNS DGA Detection Overview
- DNS Tunnel Detection Overview
- DNS DGA and Tunneling Detection Details
- Encrypted Traffic Insights Overview
- Encrypted Traffic Insights Details
- SMTP Quarantine Overview
- IMAP Block Overview
- Telemetry Overview
- play_arrow Reports
- play_arrow Report Definitions
- Report Definitions Main Page Fields
- Create and Manage Threat Assessment Report Definitions
- Create and Manage Application User Usage Report Definitions
- Create and Manage IPS Report Definitions
- Create and Manage Rule Analysis Report Definitions
- Create and Manage Security Events Report Definitions
- Create and Manage Top Talkers Report Definitions
- Create and Manage Network Operations Report Definitions
- Create and Manage URLs Visited Per User Report Definitions
- Create and Manage Log Streaming Report Definitions
- Using Report Definitions
- Editing Report Definitions
- Deleting Report Definitions
- play_arrow Generated Reports
- play_arrow ATP Report Definitions
- play_arrow ATP Generated Reports
- play_arrow Secure Edge Reports
-
- play_arrow SRX Device Management
- play_arrow Devices
- Devices Overview
- Add Devices
- Enroll SRX Series Firewalls from ATP Cloud to Juniper Security Director Cloud
- Disenroll SRX Series Firewall from ATP Cloud
- Device Subscriptions
- Add Licenses
- Import Device Certificates
- Configure Security Logs
- Configuration Versions
- Out-of-Band Changes
- Resolve Out-of-Band Changes
- Resynchronize Devices
- Upgrade Devices
- Reboot Devices
- Delete Devices
- play_arrow Device Groups
- play_arrow Preprovision Profiles
- play_arrow Configuration Templates
- play_arrow Images
- play_arrow Security Packages
-
- play_arrow SRX Security Policy
- play_arrow SRX Security Policies
- play_arrow SRX Security Policy Rules
- Security Policy Rules Overview
- Security Policy Rule Analysis Overview
- Add and Manage Security Policy Rules
- Analyze Security Policy Rules
- Edit, Clone, and Delete a Security Policy Rule
- Reorder a Security Policy Rule
- Configure Default Rule Option
- Select a Security Policy Rule Source
- Select a Security Policy Rule Destination
- Select Applications and Services
- Common Operations on a Security Policy Rule
- Add SRX Policy Rules to Secure Edge Policy (From SRX Policy Page)
- play_arrow SRX Security Policy Versions
- play_arrow Device View
-
- play_arrow SRX Security Subsciptions
- play_arrow IPS Profiles
- play_arrow IPS Signatures
- play_arrow Content Security
- play_arrow Content Security Profiles
- play_arrow Web Filtering Profiles
- play_arrow Antivirus Profiles
- play_arrow Antispam Profiles
- play_arrow Content Filtering Profiles
- play_arrow Content Filtering Policies (New)
- play_arrow Decrypt Profiles
- play_arrow SecIntel
- play_arrow SecIntel Profiles
- play_arrow SecIntel Profile Groups
- play_arrow Anti-Malware
- play_arrow Secure Web Proxy
- play_arrow Flow-Based Antivirus
- play_arrow ICAP Redirect Profile
- play_arrow Metadata Streaming Policy
- Security Metadata Streaming Policies Overview
- Create and Manage Metadata Streaming Profiles
- Create and Manage Metadata Streaming Profiles to Detect all DNS Threats
- Create and Manage Metadata Streaming Profiles to Detect DGA-Based Threats
- Create and Manage Metadata Streaming Profiles to Detect DNS Tunnels
- Create and Manage Metadata Streaming Profiles to Detect all HTTP Threats
- Create and Manage Metadata Streaming Profiles to Detect Command-and-Control (C2) Communications
- Edit, Clone, or Delete Metadata Streaming Profile
- Create and Manage Metadata Streaming Rules
- Edit or Delete Metadata Streaming Rule
- Deploy Metadata Streaming Policy
- Import Metadata Streaming Policy and DNS Cache
- play_arrow DNS Filter
-
- play_arrow SRX IPSec VPN
- play_arrow IPsec VPNs
- IPsec VPN Overview
- Understanding IPsec VPN Modes
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- IPsec VPN Global Settings
- Create a Policy-Based Site-to-Site VPN
- Create a Route-Based Site-to-Site VPN
- Create a Hub-and-Spoke (Establishment All Peers) VPN
- Create a Hub-and-Spoke (Establishment by Spokes) VPN
- Create a Hub-and-Spoke Auto Discovery VPN
- Create a Remote Access VPN—Juniper Secure Connect
- Importing IPsec VPNs
- Deploy an IPsec VPN
- Modify IPsec VPN Settings
- Delete an IPsec VPN
- play_arrow VPN Profiles
- play_arrow Extranet Devices
-
- play_arrow SRX NAT
- play_arrow NAT Policies
- play_arrow NAT Pools
- Devices with NAT Policies
-
- play_arrow SRX Identity
- play_arrow JIMS
- play_arrow Active Directory
- play_arrow Access profile
- play_arrow Address Pools
-
- play_arrow Secure Edge Service Management
- Juniper Secure Edge Overview
- Service Locations Overview
- Create and Manage Service Locations
- Edit and Delete Service Locations
- Sites Overview
- Create and Manage Sites
- Create and Manage Bulk Sites
- Edit and Delete Sites
- About the IPsec Profiles Page
- Create and Manage IPsec Profiles
- Edit or Delete an IPsec Profile
- External Probe Overview
- play_arrow Secure Edge Security Policy
- Secure Edge Policy Overview
- Add and Manage Secure Edge Policy Rules
- Edit, Clone, and Delete a Secure Edge Policy Rule
- Reorder a Security Policy Rule
- Select a Secure Edge Policy Source
- Select a Secure Edge Policy Destination
- Select Applications and Services
- Common Operations on a Secure Edge Policy
- Deploy Secure Edge Policies
- Add SRX Policy Rules to Secure Edge Policy (From Secure Edge Policy Page)
- play_arrow Secure Edge Security Subscriptions
- IPS Policies Overview
- IPS Policies Overview
- Create and Manage IPS Rules
- Edit, Clone, and Delete IPS Rules
- Create and Manage Exempt Rules
- Edit, Clone, and Delete Exempt Rule
- Web Filtering Profiles Overview
- Web Filtering Profiles Overview
- Create and Manage Web Filtering Profiles
- Edit, Clone, and Delete a Web Filtering Profile
- CASB Overview
- CASB Profiles Overview
- Create and Manage CASB Profiles
- Edit and Delete a CASB Profile
- CASB Rules Overview
- Add and Manage CASB Profile Rules
- Edit and Delete a CASB Rule
- Application Instances Overview
- Create and Manage Application Instances
- Edit and Delete an Application Instance
- Application Tagging Overview
- Content Filtering Policies Overview
- Content Filtering Policies Overview
- Create and Manage Content Filtering Policies
- Add and Manage Content Filtering Policy Rules
- Edit and Delete a Content Filtering Policy
- Edit, Clone, and Delete a Content Filtering Policy Rule
- SecIntel Profiles Overview
- SecIntel Profiles Overview
- Create and Manage Command and Control Profiles
- Create and Manage DNS Profiles
- Create and Manage Infected Hosts Profiles
- Edit, Clone, and Delete SecIntel Profile
- SecIntel Profile Groups Overview
- Create and Manage SecIntel Profile Groups
- Edit, Clone, and Delete SecIntel Profile Group
- Anti-malware Profiles Overview
- About Anti-malware Profiles
- Create and Manage Anti-malware Profiles
- Edit, Clone, and Delete Anti-malware Profile
- Create a DNS Security Profile
- Create an Encrypted Traffic Insights Profile
- play_arrow Secure Edge Service Administration
- Certificate Management Overview
- Certificate Management Overview
- Generate and Manage Certificates
- Upload and Download a Certificate
- Regenerate and Delete a Certificate
- Add Juniper Clouds Root CA Certificate on Microsoft Windows
- Add Juniper Clouds Root CA Certificate on MacOS
- Add Juniper Clouds Root CA Certificate in Google Chrome
- Add Juniper Clouds Root CA Certificate in Mozilla Firefox
- Proxy Auto Configuration Files Overview
- Proxy Auto Configuration (PAC) Files Overview
- Edit, Clone, and Delete a Proxy Auto Configuration File
- Distribute a Proxy Auto Configuration File URL to Web Browsers
- Manually Add a Proxy Auto Configuration File URL to a Web Browser
- Configure an Explicit Proxy Profile
- Decrypt Profiles Overview
- Decrypt Profiles Overview
- Create and Manage Decrypt Profiles
- Edit, Clone, and Delete a Decrypt Profile
- play_arrow Secure Edge Identity
- End User Authentication Overview
- About the End User Authentication Page
- Add and Manage End User Profiles
- Create a SAML Profile
- Create an LDAPS Profile
- Manage the Hosted Database
- Edit and Delete an End User Profile
- Add and Manage Groups
- Edit and Delete a Group
- Juniper Identity Management Service Overview
- Juniper Identity Management Service Overview
- JIMS Collector Onboarding Overview
- Onboard JIMS Collector
- Create JIMS Collector Service Accounts
- Install JIMS Collector
- Configure JIMS Collector to Get Information from the Directory Service
- Configure JIMS Collector to Get Microsoft Event Logs
- Configure JIMS Collector to Probe Unknown IP Addresses
- Delete JIMS Collector
- Authentication Settings Overview
- Configure the Authentication Frequency
- play_arrow Secure Edge CASB and DLP
- play_arrow Shared Services Firewall Policies
- play_arrow Rule Options
- play_arrow Redirect Profiles
-
- play_arrow Shared Services Objects
- play_arrow Addresses
- play_arrow GeoIP
- play_arrow Services
- play_arrow Applications
- play_arrow Schedules
- play_arrow URL Patterns
- play_arrow URL Categories
- play_arrow SSL Initiation Profile
-
- play_arrow Administration
- play_arrow Subscriptions
- play_arrow Users & Roles
- play_arrow Single Sign-On Configuration
- play_arrow Two-Factor Authentication
- play_arrow Audit Logs
- play_arrow Service Updates
- play_arrow Jobs
- play_arrow Data Management
- play_arrow Log Streaming
- play_arrow URL Recategorization
- play_arrow API Security
- play_arrow Organization
- play_arrow ATP Mapping
- play_arrow ATP Audit Logs
- play_arrow ATP Application Tokens
-
Enroll an SRX Series Firewall using Juniper ATP Cloud Web Portal
Only devices enrolled with Juniper ATP Cloud can send files for malware inspection.
Before enrolling a device, check whether the device is already enrolled. To do this, use the Enrolled Devices page or the Device Lookup option in the Juniper Security Director Cloud UI. If the device is already enrolled, disenroll it first before enrolling it again.
If a device is already enrolled in a realm and you enroll it in a new realm, none of the device data or configuration information is propagated to the new realm. This includes history, infected hosts feeds, logging, API tokens, and administrator accounts.
As of Junos Release 19.3R1, there is another way to enroll the SRX Series Firewall without having to interact with the ATP Cloud Web Portal. You run the “enroll” command from the SRX and it performs all the necessary enrollment steps. See Enroll an SRX Series Firewall Using the CLI.
Juniper ATP Cloud uses a Junos OS operation (op) script to help you configure your SRX Series Firewall to connect to the Juniper Advanced Threat Prevention Cloud service. This script performs the following tasks:
Downloads and installs certificate authority (CAs) licenses onto your SRX Series Firewall.
Creates local certificates and enrolls them with the cloud server.
Performs basic Juniper ATP Cloud configuration on the SRX Series Firewall.
Establishes a secure connection to the cloud server.
Juniper ATP Cloud requires that both your Routing Engine (control plane) and Packet Forwarding Engine (data plane) is connected to the Internet.
The data plane connection should not go through the management interface, for example, fxp0. You do not need to open any ports on the SRX Series Firewall to communicate with the cloud server. However, if you have a device in the middle, such as a firewall, then that device must have ports 8080 and 443 open.
The SRX Series Firewall uses the default inet.0 routing table and an interface part of inet.0 as source-interface for control-plane connection from SRX Series Firewall to ATP Cloud. If the only Internet-facing interface on SRX Series Firewall is part of a routing instance, then we recommend that you add a static route pointing to the routing instance. Else, the control connection will fail to establish.
Juniper ATP Cloud requires that your SRX Series Firewall host name contain only alphanumeric ASCII characters (a-z, A-Z, 0-9), the underscore symbol ( _ ) and the dash symbol ( - ).
If you are configuring explicit web proxy support for SRX Series services/Juniper ATP Cloud connections, you must enroll SRX Series Firewalls to Juniper ATP Cloud using a slightly different process, see Explicit Web Proxy for Juniper ATP Cloud.
To enroll a device in Juniper ATP Cloud using the Web Portal, do the following:
If the script fails, disenroll the device (see Remove an SRX Series Firewall From Juniper Advanced Threat Prevention Cloud) and then re-enroll it.
(Optional) Use the show services advanced-anti-malware status CLI
command to verify that a connection is made to the cloud server from the SRX Series
Firewall.
Once configured, the SRX Series Firewall communicates to the cloud through multiple persistent connections established over a secure channel (TLS 1.2) and the SRX Series Firewall is authenticated using SSL client certificates.
In the Juniper Security Director Cloud UI Enrolled Devices page, basic connection information for all enrolled devices is provided, including serial number, model number, tier level (free or not) enrollment status in Juniper ATP Cloud, last telemetry activity, and last activity seen. Click the serial number for more details. In addition to Enroll, the following buttons are available:
Actions | Definition |
|---|---|
Enroll | Use the Enroll button to obtain a enroll command to run on eligible SRX Series Firewalls. This command enrolls them in Juniper ATP Cloud and is valid for 7 days. Once enrolled, SRX Series Firewall appears in the Devices and Connections list. |
Disenroll | Use the Disenroll button to obtain a disenroll command to run on SRX Series Firewalls currently enrolled in Juniper ATP Cloud. This command removes those devices from Juniper ATP Cloud enrollment and is valid for 7 days. |
Note: Running the Enroll or Disenroll command will commit any uncommitted configuration changes on the SRX Series Firewall. Note: Generating a new Enroll or Disenroll command invalidates any previously generated commands. | |
Device Lookup | Use the Device Lookup button to search for the device serial number(s) in the licensing database to determine the tier (premium, feed only, free) of the device. For this search, the device does not have to be currently enrolled in Juniper ATP Cloud. |
Delete | Removing an SRX Series Firewall is different than disenrolling it. Use the Delete option only when the associated SRX Series Firewall is not responding (for example, hardware failure). Clicking the delete button dissassociates the SRX Series Firewall from the cloud without running the Junos OS operation (op) script on the device (see Enrolling and Disenrolling Devices). You can later enroll it using the Enroll option when the device is again available. |
For HA configurations, you only need to enroll the cluster primary. The cloud will detect that this is a cluster and will automatically enroll both the primary and backup as a pair. Both devices, however, must be licensed accordingly. For example, if you want premium features, both devices must be entitled with the premium license.
Juniper ATP Cloud supports both active-active and active-passive cluster configurations. The passive (non-active) node does not establish a connection to the cloud until it becomes the active node.
The License Expiration column contains the status of your current license, including expiration information. There is a 60 day grace period after the license expires before the SRX Series Firewall is disenrolled from Juniper ATP Cloud.
