Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Creating Secure Fabric and Sites

To access this page, click Devices>Secure Fabric.

You create sites within your secure fabric from the secure fabric page.

Before You Begin

Procedure

To create a site within your secure fabric:

  1. Select Devices>Secure Fabric.
  2. Click the + icon.
  3. Complete the configuration by using the guidelines in Table 126 below.
  4. Click OK.
  5. Create a new site and assign or reassign devices to a site by following the guidelines inTable 127 below.

Table 315: Fields on the Create Site Page

Field

Description

Site

Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.

Description

Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.

Table 316: Fields on the Sites Main Page

Field

Description

Name

The user-created name of the site.

Enforcement Points/IP addresses

Click the Add Enforcement Points link to add Firewalls, Switches, and/or Connectors.

All device types are displayed in the list. To filter by type, click the three vertical dots beside the search field and select the check box for the device type.

To include a device, select the check box beside the device in the Unassigned Devices list and click the > icon to move them to the Selected list. The devices in the Selected list will be included in the site.

There is a one-to-one mapping between devices and connectors with sites. If a device or a connector is mapped to a site, you cannot use the same device or a connector to map to a different site.

Indicate whether a device is a firewall or a switch by selecting the check box. Only perimeter SRX Series devices can be enrolled with Sky ATP, therefore the system must know which devices those are.

Note: Firewall devices are automatically enrolled with Sky ATP as part of this step. No manual enrollment is required. The only exception is “no selection” mode where Sky ATP is not available and therefore no enrollment takes place. (see Sky ATP Configuration Type Overview)

The name of the connector type is shown as a tool tip when you hover over the name.

Note:

  • When a connector instance is assigned to a site, that particular connector instance will not be listed as available enforcement point for other sites.
  • If you want to enforce an infected host policy within the network, you must assign a switch to the site.
  • Assigning a device to the site will cause a change in the device configuration.

Note: If you add certain SRX Series Devices to your Secure Fabric as enforcement points, you may see a warning that the device(s) must be reconfigured in enhanced mode and require a reboot. Here is a list of SRX models that may require rebooting for enhanced mode after being registered with Policy Enforcer/Sky ATP.

  • SRX340
  • SRX345
  • SRX650
  • SRX240h2
  • SRX320
  • SRX300
  • SRX550

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit