Create an Organization
Ensure that you have the required subscriptions to create an organization. See Subscriptions Overview.
-
Click the organization name on the top right corner, then click Create New
Organization.
The Create New Organization page is displayed.
-
Complete the configuration according to the guidelines in Table 1.
Table 1: Fields on the Organization—Details Page Field
Description
Organization name
Enter a name containing maximum 32 alphanumeric characters. The name can contain hyphens (-) and underscores (_).
Home PoP
Select your home region. The home region is usually the geographical area where your SRX Series Firewalls are located. Technically, you can select any region, but we recommend that you select the region that is closest to your geographical location.
Two-factor authentication
Enable two-factor authentication for logging in to Juniper Security Director Cloud. This adds an additional layer of security to your user account.
Note:Ensure that each SRX Series Firewall port can communicate with a Juniper Security Director Cloud FQDN. The FQDN of each region is different.
Table 2: Region to FQDN Mapping Region Purpose Port FQDN for IPv4/IPv6 North Virginia, US
ZTP
443
IPv4: srx.sdcloud.juniperclouds.net
IPv6: srx-v6.sdcloud.juniperclouds.net
Outbound SSH
7804
IPv4: srx.sdcloud.juniperclouds.net
IPv6: srx-v6.sdcloud.juniperclouds.net
Syslog TLS
6514
IPv4: srx.sdcloud.juniperclouds.net
IPv6: srx-v6.sdcloud.juniperclouds.net
Ohio, US
ZTP
443
IPv4: srx.jsec2-ohio.juniperclouds.net
IPv6: srx-v6.jsec2-ohio.juniperclouds.net
Outbound SSH
7804
IPv4: srx.jsec2-ohio.juniperclouds.net
IPv6: srx-v6.jsec2-ohio.juniperclouds.net
Syslog TLS
6514
IPv4: srx.jsec2-ohio.juniperclouds.net
IPv6: srx-v6.jsec2-ohio.juniperclouds.net
Montreal, Canada
ZTP
443
IPv4: srx.jsec-montreal2.juniperclouds.net
IPv6: srx-v6.jsec-montreal2.juniperclouds.net
Outbound SSH
7804
IPv4: srx.jsec-montreal2.juniperclouds.net
IPv6: srx-v6.jsec-montreal2.juniperclouds.net
Syslog TLS
6514
IPv4: srx.jsec-montreal2.juniperclouds.net
IPv6: srx-v6.jsec-montreal2.juniperclouds.net
Frankfurt, Germany
ZTP
443
IPv4: srx.jsec-frankfurt.juniperclouds.net
IPv6: srx-v6.jsec-frankfurt.juniperclouds.net
Outbound SSH
7804
IPv4: srx.jsec-frankfurt.juniperclouds.net
IPv6: srx-v6.jsec-frankfurt.juniperclouds.net
Syslog TLS
6514
IPv4: srx.jsec-frankfurt.juniperclouds.net
IPv6: srx-v6.jsec-frankfurt.juniperclouds.net
-
Read the privacy consent statement. To allow Juniper Security Director Cloud to analyze
information about your interactions with the portal, select the check box. To opt out,
clear the check box.
By default, consent is enabled for non‑EU regions and disabled for EU regions. You can modify the consent any time.
-
Click OK to save the changes.
An account creation confirmation message is displayed, and you are navigated to the new Organization page.
-
Customize your organization according to the guidelines in Fields on the Organization-Settings Page.
Table 3: Fields on the Organization—Settings Page Field Description Details
Backup logging PoP
Select the cloud-based location where your Secure Edge and SRX Series Firewall logs will be backed up. You cannot change the location after saving the configuration.
This is an optional setting, and you must have a Juniper Security Director Cloud, a Juniper Secure Edge, or a storage license to use this feature.
Note:When you change your trial subscription to a paid subscription, a message to select a backup logging PoP is displayed.
Organization ID
The auto-generated universally unique identifier (UUID) for an organization.
This unique ID is used to identify organizations that have identical names.
Settings
Allow Juniper support to debug
Enable this option to allow Juniper Networks support team to remotely troubleshoot and resolve issues.
Auto-import device after device discovery
Enable this option to automatically import devices after the device discovery process.
This option is enabled by default.
Update disabled rules to device
Enable this option to automatically delete rules on the device when the rules are disabled in Juniper Security Directory Cloud.
This option is enabled by default.
Hit count
Enable this option to track the number of times a policy is used based on traffic flow. The hit count is the number of hits since the last reset. By default, this option is enabled.
In a large policy set, the hit count helps check the usage frequency of rules. If a rule is unused, you can verify whether the rule is shadowed by other policies. You can then manage the device without having to generate traffic manually.
Hit count start time
Set the time to start tracking the policy use.
Juniper Security Directory Cloud collects and updates the policy use statistics every 24 hours. The default start time is 0200 hours.
Unnumbered tunnels
Enable this option to import unnumbered, matching tunnels in a Site-to-Site topology. If this option is disabled, the tunnels are imported in a Hub-and-Spoke topology.
This option is disabled by default.
Snapshots per policy
Set the number of configuration snapshots to store for each device. You can use the snapshots to revert to a previous configuration of a device.
Juniper Security Director Cloud stores the last 10 snapshots.
Confirmed commit timeout Enter the timeout value after which, if there's no response from the device, the committed configuration changes are not deployed on the device. The device rolls back to the previously committed configuration.
The default value is 60 seconds.
Note: To avoid deployment issues, set the commit timeout to match the slowest device in your network. Find out how long the slowest device takes to commit and set the timeout to that time. For example, 120 seconds. This change only affects the specific SRX Series Firewall.Automatic signature install to devices
Enable automatic installation of signature bundles to devices.
Approve/reject device onboarding requests
Enable to prompt you to approve or reject requests to onboard devices through ZTP.
- Click Save.