Using Guided Setup for No Sky ATP (No Selection)

Guided Setup is the most efficient way to complete your initial configuration. Locate Guided Setup from the Configuration > Guided Setup > Threat Prevention menu.

Make no Sky ATP selection when you want to configure Juniper Connected Security using only custom feeds. Custom feeds are the only threat prevention type available if you make no selection for Sky ATP Configuration Type in the Policy Enforcer Settings page.

The Guided Setup process offers the following steps for configuring threat prevention with custom feeds (No Sky ATP selection). Click Start Setup to begin.

Procedure

  1. Tenants—You can create a tenant representing an Enterprise. When a tenant is created, a VRF is assigned to the tenant. When a site is associated with this tenant, only those devices that have the VRF associated with the tenant can be added to the site.

    Note: In Policy Enforcer Release 20.1R1, only MX Series devices support LSYS and VRF, and only the root logical system is supported. All the sites of a realm are either with tenants or without tenants.

  2. Secure Fabric—Secure Fabric is a collection of network devices (switches, routers, firewalls, and other security devices), used by users or user groups, to which policies for aggregated threat prevention are applied. Once created, secure fabric is located under Devices. For secure fabric, the following is configured:
  3. Policy Enforcement Group—A policy enforcement group is a grouping of endpoints ready to receive advanced threat prevention policies. Create a policy enforcement group by adding endpoints (firewalls and switches) under one common group name and later applying a security policy to that group. For policy enforcement group, the following is configured:
  4. Custom Feeds—Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources. In this case, the feeds are customized by adding IP addresses, domains, and URLs to your own lists.

    The following types of custom threat feeds are available:

    Note: Juniper Sky ATP advanced anti-malware detection of the infected host is not supported on SRX Series 300 and SRX Series 320 devices if these devices are running a Junos OS release prior to 18.3R1.

  5. Threat Prevention Policy—A threat prevention policy requires you to create a name for the policy, choose one or more profile types depending on the type of threat prevention this policy provides (infected hosts), and select a log setting. Once configured, you apply policies to policy enforcement groups.
  6. The last page is a summary of the items you have configured using quick setup. Click OK to go to the Policies page under Configure > Threat Prevention > Policies, where your policy is listed.
  7. You must update to apply your new or edited policy configuration. Clicking the Ready to Update link takes you to the Threat Policy Analysis page. See Threat Policy Analysis Overview. From there you can view your changes and choose to Update now, Update later, or Save them in draft form without updating.
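
Step 4 builds custom feeds from your own lists of IP addresses, domains, and URLs. The following is an added example, not Juniper code and not part of the original procedure, that sorts a mixed indicator export into those three lists before you enter them. It assumes (hypothetically) that internal address space should never be fed into a block list, and it says nothing about the upload format Policy Enforcer expects; all function names and sample entries are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed policy for this example: internal address space never belongs in a block feed.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one well-formed hostname label
# Constructed sample entries (documentation address ranges and .example names only).
SAMPLE = ["# analyst export", "203.0.113.7", "203.0.113.7/32", "198.51.100.0/24", "10.1.2.3",
          "Bad-Domain.Example.", "hxxp://malware.example/a", "HTTP://Files.Example/Drop.exe", "not a host"]

def is_domain(host):  # dotted name, every label well formed, last label not numeric
    labels = host.split(".")
    return len(labels) >= 2 and not labels[-1].isdigit() and all(LABEL.fullmatch(l) for l in labels)

def parse_ip(text):
    try:
        return ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None

def classify(entry):
    """Return (kind, value); kind is 'ip', 'domain', 'url' or 'rejected'."""
    value = entry.strip()
    net = parse_ip(value)
    if net is not None:
        if any(net.version == r.version and net.overlaps(r) for r in INTERNAL):
            return "rejected", value + " (internal address space)"
        return "ip", str(net.network_address if net.num_addresses == 1 else net)
    if "://" in value:
        try:
            parts = urlsplit(value)
        except ValueError:
            return "rejected", value + " (malformed URL)"
        host = (parts.hostname or "").rstrip(".")
        if parts.scheme in ("http", "https") and (is_domain(host) or parse_ip(host) is not None):
            return "url", parts._replace(netloc=parts.netloc.lower()).geturl()
        return "rejected", value + " (unsupported URL)"  # e.g. defanged hxxp:// entries
    host = value.lower().rstrip(".")
    return ("domain", host) if is_domain(host) else ("rejected", value + " (unrecognized)")

def build_feeds(lines):
    """Sort entries into per-type lists, skipping blank lines and # comments."""
    feeds = {"ip": {}, "domain": {}, "url": {}, "rejected": {}}
    for line in lines:
        if line.strip() and not line.lstrip().startswith("#"):
            kind, value = classify(line)
            feeds[kind][value] = True  # dict keys de-duplicate and keep input order
    return {kind: list(values) for kind, values in feeds.items()}
```

Review the rejected list by hand before discarding it: a defanged or mistyped indicator that is silently dropped is a threat the feed will not cover.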