
Policy Enforcer Components

The Policy Enforcer Deployment Model uses the following components:

Figure 26 illustrates how the components in the Policy Enforcer Deployment Model interact.

Figure 26: Components of the Policy Enforcer Deployment Model


Figure 27 shows an example infected endpoint scenario to illustrate how some of the components work together.

Figure 27: Blocking an Infected Endpoint


Step   Action

1      A user downloads a file from the Internet.
2      Based on user-defined policies, the file is sent to the Sky ATP cloud for malware inspection.
3      The inspection determines this file is malware and informs Policy Enforcer of the results.
4      The enforcement policy is automatically deployed to the SRX Series device and switches.
5      The infected endpoint is quarantined.

Policy Enforcer can track the infected endpoint and automatically quarantine it or block it from accessing the Internet if the user moves from one campus location to another. See Figure 28.

Figure 28: Tracking Infected Endpoint Movement


In this example, Sky ATP identifies the endpoint as having an IP address of 192.168.10.1 and as residing in SVL-A. The EX Series switch quarantines the endpoint because Sky ATP has labeled it as an infected host. Suppose the infected host physically moves from location SVL-A to location SVL-B. The EX Series switch microservice (in SVL-B) tracks the MAC address to the new IP address and automatically quarantines the host. Policy Enforcer then informs Sky ATP of the new MAC address-to-IP address binding.
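
The tracking behavior described above can be modeled in a few lines. This is an added conceptual example, not Juniper code or a Policy Enforcer API: the class, its method names, the MAC address, the SVL-B IP address, and the release of the old IP address on a move are all assumptions made for illustration.

```python
# Conceptual model only: not Policy Enforcer, Sky ATP, or Junos code.
from dataclasses import dataclass, field


@dataclass
class InfectedHostTracker:
    """Pins the infected verdict to the MAC so a new IP cannot shed it."""
    infected_macs: set = field(default_factory=set)
    bindings: dict = field(default_factory=dict)      # mac -> (ip, location)
    quarantined: dict = field(default_factory=dict)   # location -> set of IPs
    feed_updates: list = field(default_factory=list)  # bindings reported to the feed

    def observe(self, mac, ip, location):
        """A switch reports a MAC-to-IP binding; True if quarantine was re-applied."""
        mac = mac.lower()
        previous = self.bindings.get(mac)
        self.bindings[mac] = (ip, location)
        if mac not in self.infected_macs or previous == (ip, location):
            return False
        if previous:
            # Assumption: the stale IP is released so its next holder is not blocked.
            self.quarantined.get(previous[1], set()).discard(previous[0])
        self.quarantined.setdefault(location, set()).add(ip)
        self.feed_updates.append((mac, ip, location))
        return True

    def mark_infected(self, ip):
        """The threat feed flags an IP; resolve it to the MAC currently bound to it."""
        for mac, (bound_ip, location) in self.bindings.items():
            if bound_ip == ip:
                self.infected_macs.add(mac)
                self.quarantined.setdefault(location, set()).add(ip)
                return mac
        return None  # no known binding, so there is no MAC to pin the verdict to


def run_scenario():
    """Constructed data: the MAC and the SVL-B address are made up for the example."""
    tracker = InfectedHostTracker()
    mac = "00:11:22:33:44:55"
    tracker.observe(mac, "192.168.10.1", "SVL-A")   # host first seen in SVL-A
    tracker.mark_infected("192.168.10.1")           # verdict arrives for that IP
    tracker.observe(mac, "192.168.20.7", "SVL-B")   # host moves and gets a new IP
    return tracker


if __name__ == "__main__":
    t = run_scenario()
    print(t.quarantined, t.feed_updates)
```

Keying the verdict on the IP address alone would let the host leave quarantine as soon as it obtained a new address in SVL-B; keying it on the MAC address is what makes the quarantine follow the host.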
