Contents
Contents
- Security Director User Guide
- About the Documentation
- Junos Space Security Director
- Dashboard
- Overview
- Monitor
- Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Using Filters
- Events and Logs-Firewall
- Events and Logs-Web Filtering
- Events and Logs-VPN
- Events and Logs-Content Filtering
- Events and Logs-Antispam
- Events and Logs-Antivirus
- Events and Logs-IPS
- Threat Prevention-Infected Hosts
- Threat Prevention-C&C Servers
- Threat Prevention-Malware
- Threat Prevention-Manual Upload
- Applications
- Users
- Source IP
- Live Threat Map
- Alerts and Alarms - Overview
- Alerts and Alarms-Alerts
- Alerts and Alarms-Alert Definitions
- Alerts and Alarms-Alarms
- Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- Audit Logs
- Devices
- Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- Secure Fabric
- Configure
- Firewall Policy-Policies
- Firewall Policies Overview
- Policy Ordering Overview
- Creating Firewall Policies
- Firewall Policies Best Practices
- Creating Firewall Policy Rules
- Rule Base Overview
- Rule Operations on Filtered Rules Overview
- Creating and Managing Policy Versions
- Comparing Policies
- Exporting Policies
- Creating Custom Columns
- Importing Policies
- Deleting and Replacing Policies and Objects
- Editing and Cloning Policies and Objects
- Publishing Policies
- Showing Duplicate Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Updating Policies on Devices
- Firewall Policies Main Page Fields
- Firewall Policy Rules Main Page Fields
- Firewall Policy-Devices
- Firewall Policy-Schedules
- Firewall Policy-Profiles
- Firewall Policy-Templates
- Application Firewall Policy-Policies
- Application Firewall Policy-Signatures
- Application Firewall Policy-SSL Forward Proxy Profiles
- User Firewall Management-Active Directory
- User Firewall Management-Access Profile
- IPS Policy-Policies
- Understanding IPS Policies
- Creating IPS Policies
- Creating IPS Policy Rules
- Publishing Policies
- Updating Policies on Devices
- Assigning Devices to Policies
- Creating and Managing Policy Versions
- Creating Rule Name Template
- Exporting Policies
- Unassigning Devices to Policies
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Assigning Policies and Profiles to Domains
- Viewing Policy and Shared Object Details
- IPS Policies Main Page Fields
- IPS Policy-Devices
- IPS Policy-Signatures
- IPS Policy-Templates
- NAT Policy-Policies
- NAT Overview
- NAT Global Address Book Overview
- Creating NAT Policies
- Publishing Policies
- NAT Policy Rules Main Page Field
- Creating NAT Rules
- Updating Policies on Devices
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Comparing Policies
- Creating and Managing Policy Versions
- Assigning Devices to Policies
- Unassigning Devices to Policies
- Creating Rule Name Template
- Configuring NAT Rule Sets
- NAT Policies Main Page Fields
- NAT Policy-Devices
- NAT Policy-Pools
- NAT Policy-Port Sets
- UTM Policy-Policies
- UTM Overview
- Creating UTM Policies
- Comparing Policies
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Showing Duplicate Policies and Objects
- Editing and Cloning Policies and Objects
- Showing and Deleting Unused Policies and Objects
- UTM Policies Main Page Fields
- UTM Policy-Web Filtering Profiles
- UTM Policy-Antivirus Profiles
- UTM Policy-Antispam Profiles
- UTM Policy-Content Filtering Profiles
- UTM Policy-Global Device Profiles
- UTM Policy-URL Patterns
- UTM Policy-Custom URL Categories
- Threat Prevention - Policies
- Threat Prevention - Sky ATP Realms
- Threat Prevention - Custom Feeds
- IPsec VPN-VPNs
- IPsec VPN Overview
- Creating IPsec VPNs
- Understanding IPsec VPN Modes
- Comparison of Policy-Based VPNs and Route-Based VPNs
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- Publishing IPsec VPNs
- Updating IPSec VPN
- Modifying VPN Settings
- Viewing Tunnels
- Importing IPsec VPNs
- IPsec VPN Main Page Fields
- IPsec VPN-Extranet Devices
- IPsec VPN-Profiles
- Shared Objects-Geo IP
- Shared Objects-Policy Enforcement Groups
- Shared Objects-Addresses
- Shared Objects-Services
- Shared Objects-Variables
- Shared Objects-Zone Sets
- Understanding Zone Sets
- Creating Zone Sets
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Finding Usages for Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Showing Duplicate Policies and Objects
- Viewing Policy and Shared Object Details
- Zone Sets Main Page Fields
- Sky ATP with Policy Enforcer Overview
- Installing Policy Enforcer
- Configuring Policy Enforcer Settings (Required Sky ATP, Policy Enforcer, and Cloud Feeds)
- Guided Setup-Sky ATP with Policy Enforcer
- Guided Setup-Sky ATP
- Manual Configuration-Sky ATP with Policy Enforcer
- Configuring Sky ATP with PE (Without Quick Setup) Overview
- Creating Sky ATP Realms and Enrolling Devices or Associating Sites
- Secure Fabric Overview
- Creating Secure Fabric and Sites
- Editing or Deleting a Secure Fabric
- Policy Enforcement Groups Overview
- Creating Policy Enforcement Groups
- Threat Prevention Policy Overview
- Creating Threat Prevention Policies
- Threat Policy Analysis Overview
- Geo IP Overview
- Creating Geo IP Policies
- Manual Configuration-Sky ATP
- Configuring Cloud Feeds Only
- Reports
- Administration
- My Profile
- Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- Users and Roles-Roles
- Domain RBAC Overview
- Creating Customized Roles in Security Director
- Understanding Roles in Security Director
- Editing, Cloning, and Deleting Roles in Security Director
- Viewing the Details of a Role in Security Director
- Importing and Exporting Roles in Security Director
- Roles Main Page Fields
- Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Editing and Deleting Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- Users and Roles-Remote Profiles
- Logging Management
- Logging Management-Logging Nodes
- Logging Management-Statistics & Troubleshooting
- Logging Management-Logging Devices
- Monitor Settings
- Signature Database
- Migrating Content from NSM to Security Director
- Monitoring and Troubleshooting with Security Director Log Collector
- Log Collector Node Failure
- Unable to View Logs on the Monitor Page In Security Director
- Adding a Log Collector Node
- Monitoring Logs In Log Collector
- Increasing the Disk Size of Log Collector
- Unable to View System Logs Information
- Status of Log Collector Node Is Down
- Load Balance in Log Reception
- Unable to View Logging Infrastructure Information
Contents
- Security Director User Guide
- About the Documentation
- Junos Space Security Director
- Dashboard
- Overview
- Monitor
- Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Using Filters
- Events and Logs-Firewall
- Events and Logs-Web Filtering
- Events and Logs-VPN
- Events and Logs-Content Filtering
- Events and Logs-Antispam
- Events and Logs-Antivirus
- Events and Logs-IPS
- Threat Prevention-Infected Hosts
- Threat Prevention-C&C Servers
- Threat Prevention-Malware
- Threat Prevention-Manual Upload
- Applications
- Users
- Source IP
- Live Threat Map
- Alerts and Alarms - Overview
- Alerts and Alarms-Alerts
- Alerts and Alarms-Alert Definitions
- Alerts and Alarms-Alarms
- Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- Audit Logs
- Devices
- Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- Secure Fabric
- Configure
- Firewall Policy-Policies
- Firewall Policies Overview
- Policy Ordering Overview
- Creating Firewall Policies
- Firewall Policies Best Practices
- Creating Firewall Policy Rules
- Rule Base Overview
- Rule Operations on Filtered Rules Overview
- Creating and Managing Policy Versions
- Comparing Policies
- Exporting Policies
- Creating Custom Columns
- Importing Policies
- Deleting and Replacing Policies and Objects
- Editing and Cloning Policies and Objects
- Publishing Policies
- Showing Duplicate Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Updating Policies on Devices
- Firewall Policies Main Page Fields
- Firewall Policy Rules Main Page Fields
- Firewall Policy-Devices
- Firewall Policy-Schedules
- Firewall Policy-Profiles
- Firewall Policy-Templates
- Application Firewall Policy-Policies
- Application Firewall Policy-Signatures
- Application Firewall Policy-SSL Forward Proxy Profiles
- User Firewall Management-Active Directory
- User Firewall Management-Access Profile
- IPS Policy-Policies
- Understanding IPS Policies
- Creating IPS Policies
- Creating IPS Policy Rules
- Publishing Policies
- Updating Policies on Devices
- Assigning Devices to Policies
- Creating and Managing Policy Versions
- Creating Rule Name Template
- Exporting Policies
- Unassigning Devices to Policies
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Assigning Policies and Profiles to Domains
- Viewing Policy and Shared Object Details
- IPS Policies Main Page Fields
- IPS Policy-Devices
- IPS Policy-Signatures
- IPS Policy-Templates
- NAT Policy-Policies
- NAT Overview
- NAT Global Address Book Overview
- Creating NAT Policies
- Publishing Policies
- NAT Policy Rules Main Page Field
- Creating NAT Rules
- Updating Policies on Devices
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Comparing Policies
- Creating and Managing Policy Versions
- Assigning Devices to Policies
- Unassigning Devices to Policies
- Creating Rule Name Template
- Configuring NAT Rule Sets
- NAT Policies Main Page Fields
- NAT Policy-Devices
- NAT Policy-Pools
- NAT Policy-Port Sets
- UTM Policy-Policies
- UTM Overview
- Creating UTM Policies
- Comparing Policies
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Showing Duplicate Policies and Objects
- Editing and Cloning Policies and Objects
- Showing and Deleting Unused Policies and Objects
- UTM Policies Main Page Fields
- UTM Policy-Web Filtering Profiles
- UTM Policy-Antivirus Profiles
- UTM Policy-Antispam Profiles
- UTM Policy-Content Filtering Profiles
- UTM Policy-Global Device Profiles
- UTM Policy-URL Patterns
- UTM Policy-Custom URL Categories
- Threat Prevention - Policies
- Threat Prevention - Sky ATP Realms
- Threat Prevention - Custom Feeds
- IPsec VPN-VPNs
- IPsec VPN Overview
- Creating IPsec VPNs
- Understanding IPsec VPN Modes
- Comparison of Policy-Based VPNs and Route-Based VPNs
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- Publishing IPsec VPNs
- Updating IPSec VPN
- Modifying VPN Settings
- Viewing Tunnels
- Importing IPsec VPNs
- IPsec VPN Main Page Fields
- IPsec VPN-Extranet Devices
- IPsec VPN-Profiles
- Shared Objects-Geo IP
- Shared Objects-Policy Enforcement Groups
- Shared Objects-Addresses
- Shared Objects-Services
- Shared Objects-Variables
- Shared Objects-Zone Sets
- Understanding Zone Sets
- Creating Zone Sets
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Finding Usages for Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Showing Duplicate Policies and Objects
- Viewing Policy and Shared Object Details
- Zone Sets Main Page Fields
- Sky ATP with Policy Enforcer Overview
- Installing Policy Enforcer
- Configuring Policy Enforcer Settings (Required Sky ATP, Policy Enforcer, and Cloud Feeds)
- Guided Setup-Sky ATP with Policy Enforcer
- Guided Setup-Sky ATP
- Manual Configuration-Sky ATP with Policy Enforcer
- Configuring Sky ATP with PE (Without Quick Setup) Overview
- Creating Sky ATP Realms and Enrolling Devices or Associating Sites
- Secure Fabric Overview
- Creating Secure Fabric and Sites
- Editing or Deleting a Secure Fabric
- Policy Enforcement Groups Overview
- Creating Policy Enforcement Groups
- Threat Prevention Policy Overview
- Creating Threat Prevention Policies
- Threat Policy Analysis Overview
- Geo IP Overview
- Creating Geo IP Policies
- Manual Configuration-Sky ATP
- Configuring Cloud Feeds Only
- Reports
- Administration
- My Profile
- Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- Users and Roles-Roles
- Domain RBAC Overview
- Creating Customized Roles in Security Director
- Understanding Roles in Security Director
- Editing, Cloning, and Deleting Roles in Security Director
- Viewing the Details of a Role in Security Director
- Importing and Exporting Roles in Security Director
- Roles Main Page Fields
- Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Editing and Deleting Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- Users and Roles-Remote Profiles
- Logging Management
- Logging Management-Logging Nodes
- Logging Management-Statistics & Troubleshooting
- Logging Management-Logging Devices
- Monitor Settings
- Signature Database
- Migrating Content from NSM to Security Director
- Monitoring and Troubleshooting with Security Director Log Collector
- Log Collector Node Failure
- Unable to View Logs on the Monitor Page In Security Director
- Adding a Log Collector Node
- Monitoring Logs In Log Collector
- Increasing the Disk Size of Log Collector
- Unable to View System Logs Information
- Status of Log Collector Node Is Down
- Load Balance in Log Reception
- Unable to View Logging Infrastructure Information
Policy Enforcer Overview
Policy Enforcer provides centralized, integrated management of all your security devices (both physical and virtual), giving you the ability to combine threat intelligence from different solutions and act on that intelligence from one management point.
It also automates the enforcement of security policies across the network and quarantines infected endpoints to prevent threats across firewalls and switches. It works with cloud-based Sky Advanced Threat Prevention (Sky ATP) to protect both perimeter-oriented threats as well as threats within the network. For example, if a user downloads a file from the Internet and that file passes through an SRX firewall, the file can be sent to the Sky ATP cloud for malware inspection (depending on your configuration settings.) If the file is determined to be malware, Policy Enforcer identifies the IP address and MAC address of the host that downloaded the file. Based on a user-defined policy, that host can be put into a quarantine VLAN or blocked from accessing the Internet.
Policy Enforcer provides the following:
- Pervasive Security—Combine security features and intelligence from devices across your network, including switches, routers, firewalls, to create a “secure fabric” that leverages information you can use to create policies that address threats in real-time and into the future. With monitoring capabilities, it can also act as a sensor, providing visibility for intra- and inter-network communications.
- User Intent-Based Policies—Create policies according to logical business structures such as users, user groups, geographical locations, sites, tenants, applications, or threat risks. This allows network devices (switches, routers, firewalls and other security devices) to share information, resources, and when threats are detected, remediation actions within the network.
- Threat Intelligence Aggregation—Gather threat information from multiple locations and devices, both physical and virtual, as well as third party solutions.
Figure 23 illustrates the flow diagram of Policy Enforcer over a traditional SRX configuration.
Figure 23: Comparing Traditional SRX Customers to Policy Enforcer Customers
Related Documentation
- Benefits of Policy Enforcer
- Policy Enforcer Components
- Sky ATP Features
- Comparing the SDSN and non-SDSN Configuration Steps
- Policy Enforcer Installation Overview
- Using Quick Setup for Sky ATP with Policy Enforcer
- Using Quick Setup for Sky ATP
- Configuring Sky ATP with PE (Without Quick Setup) Overview
Feedback Received. Thank You!
Related Topics