Configuring Cloud Feeds Only
This in an outline of the configuration tasks you must
complete to configure Cloud feeds only threat prevention.
Before You Begin
- A Sky ATP license and account are needed for all threat
prevention types (Sky ATP with PE, Sky ATP, and Cloud feeds only).
If you do not have a Sky ATP license, contact your local sales office
or Juniper Networks partner to place an order for a Sky ATP premium
license. If you do not have a Sky ATP account, when you configure
Sky ATP, you are redirected to the Sky ATP server to create one. Please
obtain a license before you try to create a Sky ATP account. Refer
to Installing Policy Enforcer for instructions on obtaining a Sky ATP premium license.
- Before you configure Cloud Feeds you must enter the IP
address and login credentials for the policy enforcer virtual machine.
Go to Administration > PE Settings. Once this
information is entered, you can begin the setup process. See Policy Enforcer Settings. (Refer to Installing Policy Enforcer for instructions
on downloading Policy Enforcer and creating your policy enforcer virtual
machine.)
Procedure
To configure Security Director for Cloud feed only threat
prevention, do the following:
Note: Cloud feed only configuration is similar to Sky ATP (without
PE) configuration. The only differences being that devices do not
have to be enrolled to Sky ATP and the only threat prevention types
available are command and control server and Geo IP.
- Create one or more Sky ATP realms and add devices to the
realm. (Note that devices do not have to be enrolled to Sky ATP for
Cloud Feed only mode.)
In the UI, navigate to Configure>Threat Prevention>Sky ATP Realms. Click the + icon to add a
new Sky ATP realm.
See Creating Sky ATP Realms and Enrolling Devices or Associating Sites for details.
- Create a threat prevention policy for Command and Control
server. (Note that this is the only threat prevention, besides Geo
IP, supported for Cloud Feed only mode.)
In the UI, navigate to Configure>Threat Prevention >Policy. Click the + icon to create a new
threat prevention policy.
See Creating Threat Prevention Policies for details.
- Configure Geo IP settings for inclusion in a firewall
policy. See Creating Geo IP Policies.
You must select your Geo IP policy as the source and/or destination
of a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies.
.
- You must assign a command and control server threat prevention
policy to a firewall rule before it can take affect.
In the UI, navigate to Configure > Firewall
Policy > Policies. In the Advanced Security column,
click an item to access the Edit Advanced Security page and select
the threat prevention policy from the Threat Prevention pulldown list.
Related Documentation
Help us to improve. Rate this article.
Feedback Received. Thank You!