Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Secure Fabric and Sites

    To access this page, click Devices>Secure Fabric.

    You create sites within your secure fabric from the secure fabric page.

    • Plan out your sites in advance. A site is a grouping of network devices, including firewalls and switches, that contribute to threat prevention.
    • Keep in mind that when you create a site, you must identify the perimeter firewalls so you can enroll them with Sky ATP.
    • If you want to enforce an infected host policy within the network, you must assign a switch to the site.
    • Devices cannot belong to multiple sites.
    • Switches and connectors cannot be added to the same site

    To create a site within your secure fabric:

    1. Select Devices>Secure Fabric.
    2. Click the + icon.
    3. Complete the configuration by using the guidelines in Table 1 below.
    4. Click OK.
    5. Create a new site and assign or reassign devices to a site by following the guidelines inTable 2 below.

    Table 1: Fields on the Create Site Page

    Field

    Description

    Site

    Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.

    Description

    Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.

    Table 2: Fields on the Sites Main Page

    Field

    Description

    Name

    The user-created name of the site.

    Enforcement Points/IP addresses

    Click the Add Enforcement Points link to add Firewalls, Switches, and/or Connectors.

    All device types are displayed in the list. To filter by type, click the three vertical dots beside the search field and select the check box for the device type.

    To include a device, select the check box beside the device in the Unassigned Devices list and click the > icon to move them to the Selected list. The devices in the Selected list will be included in the site.

    Indicate whether a device is a firewall or a switch by selecting the check box. Only perimeter SRX Series devices can be enrolled with Sky ATP, therefore the system must know which devices those are.

    Note: Firewall devices are automatically enrolled with Sky ATP as part of this step. No manual enrollment is required. The only exception is “no selection” mode where Sky ATP is not available and therefore no enrollment takes place. (see Sky ATP Configuration Type Overview)

    Note: If you want to enforce an infected host policy within the network, you must assign a switch to the site.

    Warning: If you add certain SRX Series Devices to your Secure Fabric as enforcement points, you may see a warning that the device(s) must be reconfigured in enhanced mode and require a reboot. Here is a list of SRX models that may require rebooting for enhanced mode after being registered with Policy Enforcer/Sky ATP.

    • SRX340
    • SRX345
    • SRX650
    • SRX240h2
    • SRX320
    • SRX300
    • SRX550

    Modified: 2017-10-20