Help Center User GuideGetting StartedFAQsRelease Notes
User Guide
Getting Started
Release Notes

Policy Enforcer Components

The Policy Enforcer Deployment Model uses the following components:

Figure 27 illustrates how the components in the Policy Enforcer Deployment Model interact.

Figure 27: Components of the Policy Enforcer Deployment Model

Components of the Policy Enforcer
Deployment Model

Figure 28 shows an example infected endpoint scenario to illustrate how some of the components work together.

Figure 28: Blocking an Infected Endpoint

Blocking an Infected Endpoint




A user downloads a file from the Internet.


Based on user-defined policies, the file is sent to the Sky ATP cloud for malware inspection.


The inspection determines this file is malware and informs Policy Enforcer of the results.


The enforcement policy is automatically deployed to the SRX Series device and switches.


The infected endpoint is quarantined.

Policy Enforcer can track the infected endpoint and automatically quarantine it or block it from accessing the Internet if the user moves from one campus location to another. See Figure 29.

Figure 29: Tracking Infected Endpoint Movement

Tracking Infected Endpoint Movement

In this example, Sky ATP identifies the endpoint as having an IP address of and resides in SVL-A. The EX Series switch quarantines it because it has been labeled as an infected host by Sky ATP. Suppose the infected host physically moves from location SVL-A to location SVL-B. The EX Series switch (in SVL-B) microservice tracks the MAC address to the new IP address and automatically quarantines it. Policy Enforcer then informs Sky ATP of the new MAC address-to-IP address binding.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support