Example: Configure Juniper ATP Cloud for vSRX Virtual Firewall
This example shows how to configure Juniper ATP Cloud on a vSRX Virtual Firewall instance that is deployed in a virtual private cloud (VPC).
Before You Begin
Ensure that you have installed and launched a vSRX Virtual Firewall instance in a VPC.
Overview
You can use Juniper ATP Cloud, a cloud-based solution, along with vSRX Virtual Firewall to protect all hosts in your network against evolving security threats.
Juniper ATP Cloud Configuration
Procedure
Step-by-Step Procedure
To configure Juniper ATP Cloud on a vSRX Virtual Firewall instance:
Log in to the vSRX Virtual Firewall instance using SSH and start the CLI.
root@% cli
root@>
Enter configuration mode.
root@> configure
[edit]
root@#
Set up the correct data interface for the active advanced antimalware (AAMW) service instead of using the default fxp0 interface.
root@# set services advanced-anti-malware connection source-interface ge-0/0/0.0
Configure NAT.
root@# set security nat source rule-set rs1 from zone trust
root@# set security nat source rule-set rs1 to zone untrust
root@# set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
root@# set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
root@# set security nat source rule-set rs1 rule r1 then source-nat interface
Set up a virtual routing instance for the correct data interface for the AAMW service.
root@# set routing-instances vsrx-vr1 instance-type virtual-router
root@# set routing-instances vsrx-vr1 routing-options static route 0.0.0.0/0 next-hop 10.4.1.1
root@# set routing-instances vsrx-vr1 interface ge-0/0/0.0
root@# set routing-instances vsrx-vr1 interface ge-0/0/1.0
Verify the configuration.
root@# commit check
configuration check succeeds
Commit the configuration to activate it on the vSRX Virtual Firewall instance.
root@# commit
commit complete
Optionally, you can verify the configuration by running the following show commands in configuration mode:
show services advanced-anti-malware connection | display set
show security nat | display set
show routing-instances vsrx-vr1 | display set
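A consistency check over the combined "display set" output of the three show commands above, as an added example that is not part of the original procedure: it confirms that the AAMW source interface is not fxp0, that the interface belongs to a virtual router with a default route, and that a source NAT rule with interface translation exists. The function name audit and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the commands from the procedure above, in `display set` form.
SAMPLE = """\
set services advanced-anti-malware connection source-interface ge-0/0/0.0
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat interface
set routing-instances vsrx-vr1 instance-type virtual-router
set routing-instances vsrx-vr1 routing-options static route 0.0.0.0/0 next-hop 10.4.1.1
set routing-instances vsrx-vr1 interface ge-0/0/0.0
set routing-instances vsrx-vr1 interface ge-0/0/1.0
"""

def audit(display_set):
    """Return a list of findings; an empty list means every check passed."""
    cfg = [l.strip() for l in display_set.splitlines() if l.strip().startswith("set ")]
    findings = []
    # Check 1: the AAMW connection uses an explicit data interface, not fxp0.
    src = next((l.split()[-1] for l in cfg if l.startswith(
        "set services advanced-anti-malware connection source-interface ")), None)
    if src is None:
        findings.append("AAMW source-interface not set; default fxp0 is used")
    elif src.startswith("fxp0"):
        findings.append("AAMW source-interface is the fxp0 interface")
    # Check 2: that interface sits in a virtual router that has a default route.
    instances = {}
    for l in cfg:
        m = re.match(r"set routing-instances (\S+) (.+)", l)
        if m:
            instances.setdefault(m.group(1), set()).add(m.group(2))
    if not findings and not any(
            f"interface {src}" in stmts
            and "instance-type virtual-router" in stmts
            and any(s.startswith("routing-options static route 0.0.0.0/0 ") for s in stmts)
            for stmts in instances.values()):
        findings.append(f"{src} is not in a virtual-router with a 0.0.0.0/0 static route")
    # Check 3: some source NAT rule translates to the egress interface address.
    if not any(re.fullmatch(r"set security nat source rule-set \S+ rule \S+ "
                            r"then source-nat interface", l) for l in cfg):
        findings.append("no source NAT rule with 'then source-nat interface'")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "all checks passed")
```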