Policy Enforcer Settings

To configure your Policy Enforcer, perform the following actions.

Before You Begin

Procedure

To set up a Sky ATP or JATP Configuration Type, you must do the following:

  1. Select Security Director>Administration>Policy enforcer>Settings.
  2. Enter the IP address for the policy enforcer virtual machine. (This is the IP address you configured during the PE VM installation. You can locate this IP address in the vSphere Center portal.)
  3. Enter the password for the policy enforcer virtual machine. (This is the same password you use to login to the VM with your root credentials. Note that the username defaults to root )

    Note Refer to Deploying and Configuring the Policy Enforcer with OVA files for instructions on downloading Policy Enforcer and creating your policy enforcer virtual machine.

  4. If you want to use certificate based authentication, enable the Certificate Based Authentication option.

    Browse the X509 certificate file and X509 certificate Key file.

  5. Select a Sky ATP Configuration Type. If you do not select a type, Policy Enforcer works in default mode. (SeeSky ATP Configuration Type Overview for more information.)

    Refer Table 317 to understand the supported threat prevention types for different Policy Enforcer modes:

    Table 317: Supported Threat Prevention Types for Different PE Modes

     

    Threat Prevention Type

    No Selection (Default)

    Cloud Feeds Only

    Sky ATP or JATP

    Sky ATP or JATP with Juniper Connected Security

    Custom feeds

    Yes

    Yes

    Yes

    Yes

    Command and Control (C&C) feeds

    Yes

    Yes

    Yes

    Yes

    Infected Host feed

    -

    Yes

    Yes

    Yes

    Malware inspection

    -

    -

    Yes

    Yes

    Enforcement on EX Series and QFX Series switches or using 3rd party Connectors

    -

    -

    -

    Yes

    You cannot change or modify a higher configuration to a basic mode. For example, you cannot change:

    Warning If you change to a lower mode, you must reinstall Security Director and Policy Enforcer.

    However, you can change or modify your configuration to a higher mode. For example you can change:

  6. Polling timers affect how often the system polls to discover endpoints. There are two polling timers, one that polls network wide and one that polls site wide. They each have default settings, but you can change those defaults to poll more or less often.
  7. Click the Download button to view or save Policy Enforcer data logs to your local system. These logs are in a compressed file format.