Help Center User GuideGetting StartedFAQsRelease Notes
User Guide
Getting Started
Release Notes

Policy Enforcer Overview

Policy Enforcer provides centralized, integrated management of all your security devices (both physical and virtual), giving you the ability to combine threat intelligence from different solutions and act on that intelligence from one management point.

It also automates the enforcement of security policies across the network and quarantines infected endpoints to prevent threats across firewalls and switches. It works with cloud-based Sky Advanced Threat Prevention (Sky ATP) to protect both perimeter-oriented threats as well as threats within the network. For example, if a user downloads a file from the Internet and that file passes through an SRX firewall, the file can be sent to the Sky ATP cloud for malware inspection (depending on your configuration settings.) If the file is determined to be malware, Policy Enforcer identifies the IP address and MAC address of the host that downloaded the file. Based on a user-defined policy, that host can be put into a quarantine VLAN or blocked from accessing the Internet.

Policy Enforcer provides the following:

Figure 24 illustrates the flow diagram of Policy Enforcer over a traditional SRX configuration.

Figure 24: Comparing Traditional SRX Customers to Policy Enforcer Customers

Comparing Traditional SRX Customers
to Policy Enforcer Customers

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support