Using Guided Setup for Sky ATP

Guided Setup is the most efficient way to complete your initial configuration. Locate Guided Setup from the Configuration > Guided Setup > Threat Prevention menu.

Click Start Setup from Configuration > Guided Setup > Threat Prevention to begin.

Procedure

  1. Add a Sky ATP Realm—If you have not created a realm from within your Sky ATP account, you can create it here by clicking the + sign. Once you add a realm, you can enroll SRX Series devices into the realm. A security realm is a group identifier for an organization used to restrict access to Web applications. You can create one or multiple realms. See Sky ATP Realm Overview for information. A realm has the following configuration fields
  2. Click Add devices to enroll them in threat prevention before proceeding to the next step. Devices designated as perimeter firewalls are automatically enrolled with Sky ATP.
  3. Create a Policy—You create a name for the policy, choose one or more profile types depending on the type of threat prevention this policy provides (C&C Server, Infected Host, Malware), and select a log setting.
  4. Geo IP—Geo IP refers to the method of locating a computer terminal's geographic location by identifying that terminal's IP address. A Geo IP feed is an up-to-date mapping of IP addresses to geographical regions. By mapping IP addresses to the sources of attack traffic, geographic regions of origin can be determined, giving you the ability to filter traffic to and from specific locations in the world. For Geo IP, you configure the following:
  5. The last page is a summary of the items you have configured. Click OK to be taken to the Policies page under Configure > Threat Prevention, and your policy is listed there.
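
The Geo IP lookup described in step 4, sketched as an added example (not Juniper code and not the Sky ATP feed format). The feed entries, country codes, and the `blocked_from`/`blocked_to` parameter names are constructed for illustration, and permitting unmapped addresses is an assumption of this sketch.

```python
import ipaddress

# Constructed sample feed: CIDR block -> country code (documentation ranges,
# user-assigned ISO codes). A real feed is far larger and updated regularly.
SAMPLE_FEED = {
    "192.0.2.0/24": "AA",
    "198.51.100.0/24": "XA",
    "198.51.100.128/25": "XB",   # more specific block inside the /24 above
    "2001:db8::/32": "AA",
}

def load_feed(feed):
    """Parse the feed into (network, country) pairs, most specific prefix first."""
    nets = [(ipaddress.ip_network(cidr), cc) for cidr, cc in feed.items()]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def country_of(ip, nets):
    """Return the country code for ip, or None when the feed has no mapping."""
    addr = ipaddress.ip_address(ip)
    for net, cc in nets:
        if addr.version == net.version and addr in net:
            return cc          # first hit is the longest matching prefix
    return None

def decide(src, dst, nets, blocked_from, blocked_to):
    """Filter one flow by geography, in both directions.

    blocked_from: countries whose traffic is refused as a source.
    blocked_to:   countries that may not be reached as a destination.
    Unmapped addresses are permitted here (assumption of this sketch).
    """
    src_cc, dst_cc = country_of(src, nets), country_of(dst, nets)
    if src_cc in blocked_from:
        return ("block", f"source in {src_cc}")
    if dst_cc in blocked_to:
        return ("block", f"destination in {dst_cc}")
    return ("permit", None)

if __name__ == "__main__":
    nets = load_feed(SAMPLE_FEED)
    for src, dst in [("192.0.2.10", "203.0.113.9"),
                     ("203.0.113.9", "198.51.100.200"),
                     ("198.51.100.5", "203.0.113.9")]:
        print(src, "->", dst, decide(src, dst, nets, {"AA"}, {"XB"}))
```

The overlapping `/24` and `/25` entries show why the lookup must prefer the most specific prefix: a stale or coarse mapping would attribute the address to the wrong region and apply the wrong filter.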

Note: When you are using Sky ATP without Policy Enforcer, you must assign the policy to a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies. In the Advanced Security column, click an existing item to access the Edit Advanced Security page and select the Threat Prevention Policy from the Threat Prevention pulldown list.