Deploying IDP Series with Juniper Networks Access Control Devices for Coordinated Threat Control

The Juniper Networks coordinated threat control solution is a secure access solution deployment that leverages event logs collected by IDP Series devices. The following sections provide an overview of the solution:

Purpose

When the IDP Series appliance detects a security event (be it a threat or any traffic that breaks an administrator-configured policy), it can, in addition to blocking that threat, send the event log to a Juniper Networks SA Series or IC Series device in real time.

The SA Series or IC Series device can then use the log data to identify the user session that is the source of the undesired traffic. It can take appropriate actions on the endpoint, such as notifying the administrator, terminating the user session, disabling the user account, or mapping the user to a quarantine role.

Administrators can configure the quarantine role to provide users with a lower level of access and inform them why they have been quarantined and what they should do next. During remediation, administrators can enforce additional endpoint security checks or push additional endpoint protection software.

Topology

In a coordinated threat control deployment, Juniper Networks devices communicate using Transport Layer Security (TLS).

Figure 21 shows a split deployment, where the SA Series appliance has been deployed for extended enterprise access and the IDP Series appliance has been deployed to secure all perimeter traffic, including but not limited to the traffic coming from the SA Series appliance.

Figure 21: Coordinated Threat Control Deployment Diagram: SA Series Split Deployment

Figure 22 shows an internal deployment, where only encrypted SSL traffic terminated at the SA Series appliance has access to the protected network and the IDP Series appliance is deployed to inspect only traffic coming through the SA Series appliance.

Figure 22: Coordinated Threat Control Deployment Diagram: SA Series Internal Deployment

Figure 23 shows a deployment with an IC Series UAC device.

Figure 23: Coordinated Threat Control Deployment Diagram: IC Series Deployment

Configuration Overview

From the IDP Series side, you use the Appliance Configuration Manager (ACM) to generate a one-time password that the SA Series or IC Series device will use to connect to the IDP Series device. Figure 24 shows the ACM page used to generate a password.

Figure 24: ACM: Generating a One-Time Password for the Connection from an SA Series or IC Series Appliance

From the SA Series or IC Series side, you configure the connection to the IDP Series device, specifying the IP address, port 7103, and the one-time password. Figure 25 shows the IC Series Admin Console Sensor Configuration page. The SA Series Admin Console Sensor Configuration page is similar.

Figure 25: IC Series Admin Console: Configuring the Connection to the IDP Series Appliance

Integration Notes

To avoid issues with integration:

Related Documentation

The following related topics are included in the IDP Series Administration Guide: