Contents
Contents
- Security Director User Guide
- About the Documentation
- Junos Space Security Director
- Dashboard
- Overview
- Monitor
- Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Downloading Packets Captured
- Showing Attack Details
- Using Filters
- Events and Logs-Firewall
- Events and Logs-Web Filtering
- Events and Logs-VPN
- Events and Logs-Content Filtering
- Events and Logs-Antispam
- Events and Logs-Antivirus
- Events and Logs-IPS
- Events and Logs-Screen
- Events and Logs-Sky ATP
- Events and Logs-Apptrack
- Threat Prevention-Hosts
- Threat Prevention-C&C Servers
- Threat Prevention-HTTP File Download
- Threat Prevention-Email Quarantine and Scanning
- Threat Prevention-IMAP Block
- Threat Prevention-Manual Upload
- Applications
- Users
- Source IP
- Live Threat Map
- Alerts and Alarms - Overview
- Alerts and Alarms-Alerts
- Alerts and Alarms-Alert Definitions
- Alerts and Alarms-Alarms
- VPN
- Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- Audit Logs
- Packet Capture
- NSX Inventory-Security Groups
- vCenter Server Inventory-Virtual Machines
- Devices
- Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Performing Commit Check
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Modifying the IPS Configuration for Security Devices
- Configuring Aruba ClearPass for Security Devices
- Configuring APBR Tunables for Security Devices
- Modifying the Express Path Configuration for Security Devices
- Modifying the Device Information Source Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- Secure Fabric
- NSX Managers
- Understanding Juniper SDSN for VMware NSX Integration
- Before You Deploy vSRX in VMware NSX Environment
- Juniper SDSN for VMware NSX Licensing
- About the NSX Managers Page
- Downloading the SSH Key File
- Adding the NSX Manager
- Registering Security Services
- Editing NSX Managers
- Viewing Service Definitions
- Deleting the NSX Manager
- Deploying the vSRX as an Advanced Security Service in a VMware NSX Environment
- Creating a Security Group (VMware vCenter Server)
- Discovering the NSX Manager and Registering vSRX as a Security Service in vSphere cluster
- Deploying vSRX as a Security Service on a vSphere Cluster (VMware vCenter Server)
- Verifying vSRX Agent VM Deployment in Security Director
- Automatic Creation of Security Policy in the NSX Environment to Direct Traffic Through the vSRX Agent VMs (VMware vCenter Server)
- vCenter Servers
- Configure
- Firewall Policy-Policies
- Firewall Policies Overview
- Policy Ordering Overview
- Creating Firewall Policies
- Firewall Policies Best Practices
- Creating Firewall Policy Rules
- Rule Base Overview
- Rule Operations on Filtered Rules Overview
- Creating and Managing Policy Versions
- Comparing Policies
- Exporting Policies
- Creating Custom Columns
- Importing Policies
- Deleting and Replacing Policies and Objects
- Editing and Cloning Policies and Objects
- Publishing Policies
- Showing Duplicate Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Updating Policies on Devices
- Firewall Policies Main Page Fields
- Firewall Policy Rules Main Page Fields
- Firewall Policy-Devices
- Firewall Policy-Schedules
- Firewall Policy-Profiles
- Understanding Firewall Policy Profiles
- Understanding Captive Portal Support for Unauthenticated Browser Users
- Creating Firewall Policy Profiles
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Assigning Policies and Profiles to Domains
- Viewing Policy and Shared Object Details
- Firewall Policy Profiles Main Page Fields
- Firewall Policy-Templates
- Environment
- Environment Variables and Conditions Overview
- About the Environment Page
- Creating a New Environment Variable
- Editing and Deleting Environment Variables
- Creating a New Environment Condition
- Editing and Deleting Environment Conditions
- Application Firewall Policy-Policies
- Application Firewall Policy-Signatures
- Understanding Custom Application Signatures
- Creating Application Signatures
- Editing, Cloning, and Deleting Custom Application Signatures
- Creating Application Signature Groups
- Application Signatures Main Page Fields
- SSL Profiles
- User Firewall Management-Active Directory
- User Firewall Management-Access Profile
- User Firewall Management-Identity Management
- Juniper Identity Management Service Overview
- About the Identity Management Profile Page
- Creating Identity Management Profiles
- Editing, Cloning, and Deleting Identity Management Profiles
- Updating the Identity Management Profile to SRX Series Devices
- User Firewall Management-End User Profile
- IPS Policy-Policies
- Understanding IPS Policies
- Creating IPS Policies
- Creating IPS Policy Rules
- Publishing Policies
- Updating Policies on Devices
- Assigning Devices to Policies
- Creating and Managing Policy Versions
- Creating Rule Name Template
- Exporting Policies
- Unassigning Devices to Policies
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Assigning Policies and Profiles to Domains
- Viewing Policy and Shared Object Details
- IPS Policies Main Page Fields
- IPS Policy-Devices
- IPS Policy-Signatures
- IPS Policy-Templates
- NAT Policy-Policies
- NAT Overview
- NAT Global Address Book Overview
- Creating NAT Policies
- Publishing Policies
- NAT Policy Rules Main Page Field
- Creating NAT Rules
- Updating Policies on Devices
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Comparing Policies
- Creating and Managing Policy Versions
- Assigning Devices to Policies
- Unassigning Devices to Policies
- Creating Rule Name Template
- Configuring NAT Rule Sets
- NAT Policies Main Page Fields
- NAT Policy-Devices
- NAT Policy-Pools
- NAT Policy-Port Sets
- UTM Policy-Policies
- UTM Overview
- Creating UTM Policies
- Comparing Policies
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Showing Duplicate Policies and Objects
- Editing and Cloning Policies and Objects
- Showing and Deleting Unused Policies and Objects
- UTM Policies Main Page Fields
- UTM Policy-Web Filtering Profiles
- UTM Policy-Category Update
- UTM Policy-Antivirus Profiles
- UTM Policy-Antispam Profiles
- UTM Policy-Content Filtering Profiles
- UTM Policy-Global Device Profiles
- UTM Policy-URL Patterns
- UTM Policy-Custom URL Categories
- Application Routing Policies
- Understanding Application-Based Routing
- About the Application Routing Policies Page
- Configuring Advanced Policy-Based Routing Policy
- About the Rules Page (Advanced Policy-Based Routing)
- Creating Advanced Policy-Based Routing Rules
- About the App Based Routing Page
- Editing and Cloning Policies and Objects
- Assigning Devices to Policies
- Customizing Profile Names
- Publishing Policies
- Updating Policies on Devices
- Threat Prevention - Policies
- Creating Threat Prevention Policies
- Threat Prevention Policy Overview
- Threat Policy Analysis Overview
- Implementing Threat Policy on VMWare NSX
- Threat Prevention - Sky ATP Realms
- Threat Prevention - Custom Feeds
- Threat Prevention - Email Management
- Threat Prevention - Malware Management
- IPsec VPN-VPNs
- IPsec VPN Overview
- Creating IPsec VPNs
- Understanding IPsec VPN Modes
- Comparison of Policy-Based VPNs and Route-Based VPNs
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- Publishing IPsec VPNs
- Updating IPSec VPN
- Modifying VPN Settings
- Viewing Tunnels
- Importing IPsec VPNs
- IPsec VPN Main Page Fields
- IPsec VPN-Extranet Devices
- IPsec VPN-Profiles
- Shared Objects-Geo IP
- Shared Objects-Policy Enforcement Groups
- Shared Objects-Addresses
- Shared Objects-Services
- Shared Objects-Variables
- Shared Objects-Zone Sets
- Understanding Zone Sets
- Creating Zone Sets
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Finding Usages for Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Showing Duplicate Policies and Objects
- Viewing Policy and Shared Object Details
- Zone Sets Main Page Fields
- Shared Objects-Metadata
- Change Management-Change Requests
- Change Control Workflow Overview
- Creating a Firewall or NAT Policy Change Request
- About the Changes Submitted Page
- Approving and Updating Changes Submitted
- Creating and Updating a Firewall Policy Using Change Control Workflow
- Editing, Denying, and Deleting Change Requests
- About the Changes Not Submitted Page
- Discarding Policy Changes
- Viewing Submitted and Unsubmitted Policy Changes
- Change Management-Change Request History
- Overview of Policy Enforcer and Sky ATP
- Concepts and Configuration Types to Understand Before You Begin (Policy Enforcer and Sky ATP)
- Installing Policy Enforcer
- Policy Enforcer Installation Overview
- Deploying and Configuring the Policy Enforcer with OVA files
- Installing Policy Enforcer with KVM
- Policy Enforcer Ports
- Identifying the Policy Enforcer Virtual Machine In Security Director
- Obtaining a Sky ATP License
- Creating a Sky ATP Cloud Web Portal Login Account
- Loading a Root CA
- Upgrading Your Policy Enforcer Software
- Configuring Policy Enforcer Settings and Connectors
- Policy Enforcer Settings
- Policy Enforcer Connector Overview
- Creating a Policy Enforcer Connector for Public and Private Clouds
- Creating a Policy Enforcer Connector for Third-Party Switches
- Editing and Deleting a Connector
- Viewing VPC or Projects Details
- ClearPass Configuration for Third-Party Plug-in
- Cisco ISE Configuration for Third-Party Plug-in
- Guided Setup-Sky ATP with SDSN
- Guided Setup-Sky ATP
- Guided Setup for No Sky ATP (No Selection)
- Manual Configuration-Sky ATP with SDSN
- Configuring Sky ATP with SDSN (Without Guided Setup) Overview
- Creating Sky ATP Realms and Enrolling Devices or Associating Sites
- Secure Fabric Overview
- Creating Secure Fabric and Sites
- Editing or Deleting a Secure Fabric
- Policy Enforcement Groups Overview
- Creating Policy Enforcement Groups
- Threat Prevention Policy Overview
- Creating Threat Prevention Policies
- Threat Policy Analysis Overview
- Geo IP Overview
- Creating Geo IP Policies
- Manual Configuration-Sky ATP
- Configuring Cloud Feeds Only
- Configuring No Sky ATP (No Selection) (without Guided Setup)
- Migration Instructions for Spotlight Secure Customers
- Reports
- Administration
- My Profile
- Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- Users and Roles-Roles
- Domain RBAC Overview
- Creating Customized Roles in Security Director
- Understanding Roles in Security Director
- Editing, Cloning, and Deleting Roles in Security Director
- Viewing the Details of a Role in Security Director
- Importing and Exporting Roles in Security Director
- Roles Main Page Fields
- Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Editing and Deleting Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- Users and Roles-Remote Profiles
- Logging Management
- Logging Management-Logging Nodes
- Logging Management-Statistics & Troubleshooting
- Logging Management-Logging Devices
- Monitor Settings
- Signature Database
- Migrating Content from NSM to Security Director
Contents
- Security Director User Guide
- About the Documentation
- Junos Space Security Director
- Dashboard
- Overview
- Monitor
- Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Downloading Packets Captured
- Showing Attack Details
- Using Filters
- Events and Logs-Firewall
- Events and Logs-Web Filtering
- Events and Logs-VPN
- Events and Logs-Content Filtering
- Events and Logs-Antispam
- Events and Logs-Antivirus
- Events and Logs-IPS
- Events and Logs-Screen
- Events and Logs-Sky ATP
- Events and Logs-Apptrack
- Threat Prevention-Hosts
- Threat Prevention-C&C Servers
- Threat Prevention-HTTP File Download
- Threat Prevention-Email Quarantine and Scanning
- Threat Prevention-IMAP Block
- Threat Prevention-Manual Upload
- Applications
- Users
- Source IP
- Live Threat Map
- Alerts and Alarms - Overview
- Alerts and Alarms-Alerts
- Alerts and Alarms-Alert Definitions
- Alerts and Alarms-Alarms
- VPN
- Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- Audit Logs
- Packet Capture
- NSX Inventory-Security Groups
- vCenter Server Inventory-Virtual Machines
- Devices
- Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Performing Commit Check
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Modifying the IPS Configuration for Security Devices
- Configuring Aruba ClearPass for Security Devices
- Configuring APBR Tunables for Security Devices
- Modifying the Express Path Configuration for Security Devices
- Modifying the Device Information Source Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- Secure Fabric
- NSX Managers
- Understanding Juniper SDSN for VMware NSX Integration
- Before You Deploy vSRX in VMware NSX Environment
- Juniper SDSN for VMware NSX Licensing
- About the NSX Managers Page
- Downloading the SSH Key File
- Adding the NSX Manager
- Registering Security Services
- Editing NSX Managers
- Viewing Service Definitions
- Deleting the NSX Manager
- Deploying the vSRX as an Advanced Security Service in a VMware NSX Environment
- Creating a Security Group (VMware vCenter Server)
- Discovering the NSX Manager and Registering vSRX as a Security Service in vSphere cluster
- Deploying vSRX as a Security Service on a vSphere Cluster (VMware vCenter Server)
- Verifying vSRX Agent VM Deployment in Security Director
- Automatic Creation of Security Policy in the NSX Environment to Direct Traffic Through the vSRX Agent VMs (VMware vCenter Server)
- vCenter Servers
- Configure
- Firewall Policy-Policies
- Firewall Policies Overview
- Policy Ordering Overview
- Creating Firewall Policies
- Firewall Policies Best Practices
- Creating Firewall Policy Rules
- Rule Base Overview
- Rule Operations on Filtered Rules Overview
- Creating and Managing Policy Versions
- Comparing Policies
- Exporting Policies
- Creating Custom Columns
- Importing Policies
- Deleting and Replacing Policies and Objects
- Editing and Cloning Policies and Objects
- Publishing Policies
- Showing Duplicate Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Updating Policies on Devices
- Firewall Policies Main Page Fields
- Firewall Policy Rules Main Page Fields
- Firewall Policy-Devices
- Firewall Policy-Schedules
- Firewall Policy-Profiles
- Understanding Firewall Policy Profiles
- Understanding Captive Portal Support for Unauthenticated Browser Users
- Creating Firewall Policy Profiles
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Assigning Policies and Profiles to Domains
- Viewing Policy and Shared Object Details
- Firewall Policy Profiles Main Page Fields
- Firewall Policy-Templates
- Environment
- Environment Variables and Conditions Overview
- About the Environment Page
- Creating a New Environment Variable
- Editing and Deleting Environment Variables
- Creating a New Environment Condition
- Editing and Deleting Environment Conditions
- Application Firewall Policy-Policies
- Application Firewall Policy-Signatures
- Understanding Custom Application Signatures
- Creating Application Signatures
- Editing, Cloning, and Deleting Custom Application Signatures
- Creating Application Signature Groups
- Application Signatures Main Page Fields
- SSL Profiles
- User Firewall Management-Active Directory
- User Firewall Management-Access Profile
- User Firewall Management-Identity Management
- Juniper Identity Management Service Overview
- About the Identity Management Profile Page
- Creating Identity Management Profiles
- Editing, Cloning, and Deleting Identity Management Profiles
- Updating the Identity Management Profile to SRX Series Devices
- User Firewall Management-End User Profile
- IPS Policy-Policies
- Understanding IPS Policies
- Creating IPS Policies
- Creating IPS Policy Rules
- Publishing Policies
- Updating Policies on Devices
- Assigning Devices to Policies
- Creating and Managing Policy Versions
- Creating Rule Name Template
- Exporting Policies
- Unassigning Devices to Policies
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Assigning Policies and Profiles to Domains
- Viewing Policy and Shared Object Details
- IPS Policies Main Page Fields
- IPS Policy-Devices
- IPS Policy-Signatures
- IPS Policy-Templates
- NAT Policy-Policies
- NAT Overview
- NAT Global Address Book Overview
- Creating NAT Policies
- Publishing Policies
- NAT Policy Rules Main Page Field
- Creating NAT Rules
- Updating Policies on Devices
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Comparing Policies
- Creating and Managing Policy Versions
- Assigning Devices to Policies
- Unassigning Devices to Policies
- Creating Rule Name Template
- Configuring NAT Rule Sets
- NAT Policies Main Page Fields
- NAT Policy-Devices
- NAT Policy-Pools
- NAT Policy-Port Sets
- UTM Policy-Policies
- UTM Overview
- Creating UTM Policies
- Comparing Policies
- Deleting and Replacing Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Showing Duplicate Policies and Objects
- Editing and Cloning Policies and Objects
- Showing and Deleting Unused Policies and Objects
- UTM Policies Main Page Fields
- UTM Policy-Web Filtering Profiles
- UTM Policy-Category Update
- UTM Policy-Antivirus Profiles
- UTM Policy-Antispam Profiles
- UTM Policy-Content Filtering Profiles
- UTM Policy-Global Device Profiles
- UTM Policy-URL Patterns
- UTM Policy-Custom URL Categories
- Application Routing Policies
- Understanding Application-Based Routing
- About the Application Routing Policies Page
- Configuring Advanced Policy-Based Routing Policy
- About the Rules Page (Advanced Policy-Based Routing)
- Creating Advanced Policy-Based Routing Rules
- About the App Based Routing Page
- Editing and Cloning Policies and Objects
- Assigning Devices to Policies
- Customizing Profile Names
- Publishing Policies
- Updating Policies on Devices
- Threat Prevention - Policies
- Creating Threat Prevention Policies
- Threat Prevention Policy Overview
- Threat Policy Analysis Overview
- Implementing Threat Policy on VMWare NSX
- Threat Prevention - Sky ATP Realms
- Threat Prevention - Custom Feeds
- Threat Prevention - Email Management
- Threat Prevention - Malware Management
- IPsec VPN-VPNs
- IPsec VPN Overview
- Creating IPsec VPNs
- Understanding IPsec VPN Modes
- Comparison of Policy-Based VPNs and Route-Based VPNs
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- Publishing IPsec VPNs
- Updating IPSec VPN
- Modifying VPN Settings
- Viewing Tunnels
- Importing IPsec VPNs
- IPsec VPN Main Page Fields
- IPsec VPN-Extranet Devices
- IPsec VPN-Profiles
- Shared Objects-Geo IP
- Shared Objects-Policy Enforcement Groups
- Shared Objects-Addresses
- Shared Objects-Services
- Shared Objects-Variables
- Shared Objects-Zone Sets
- Understanding Zone Sets
- Creating Zone Sets
- Editing and Cloning Policies and Objects
- Deleting and Replacing Policies and Objects
- Finding Usages for Policies and Objects
- Showing and Deleting Unused Policies and Objects
- Showing Duplicate Policies and Objects
- Viewing Policy and Shared Object Details
- Zone Sets Main Page Fields
- Shared Objects-Metadata
- Change Management-Change Requests
- Change Control Workflow Overview
- Creating a Firewall or NAT Policy Change Request
- About the Changes Submitted Page
- Approving and Updating Changes Submitted
- Creating and Updating a Firewall Policy Using Change Control Workflow
- Editing, Denying, and Deleting Change Requests
- About the Changes Not Submitted Page
- Discarding Policy Changes
- Viewing Submitted and Unsubmitted Policy Changes
- Change Management-Change Request History
- Overview of Policy Enforcer and Sky ATP
- Concepts and Configuration Types to Understand Before You Begin (Policy Enforcer and Sky ATP)
- Installing Policy Enforcer
- Policy Enforcer Installation Overview
- Deploying and Configuring the Policy Enforcer with OVA files
- Installing Policy Enforcer with KVM
- Policy Enforcer Ports
- Identifying the Policy Enforcer Virtual Machine In Security Director
- Obtaining a Sky ATP License
- Creating a Sky ATP Cloud Web Portal Login Account
- Loading a Root CA
- Upgrading Your Policy Enforcer Software
- Configuring Policy Enforcer Settings and Connectors
- Policy Enforcer Settings
- Policy Enforcer Connector Overview
- Creating a Policy Enforcer Connector for Public and Private Clouds
- Creating a Policy Enforcer Connector for Third-Party Switches
- Editing and Deleting a Connector
- Viewing VPC or Projects Details
- ClearPass Configuration for Third-Party Plug-in
- Cisco ISE Configuration for Third-Party Plug-in
- Guided Setup-Sky ATP with SDSN
- Guided Setup-Sky ATP
- Guided Setup for No Sky ATP (No Selection)
- Manual Configuration-Sky ATP with SDSN
- Configuring Sky ATP with SDSN (Without Guided Setup) Overview
- Creating Sky ATP Realms and Enrolling Devices or Associating Sites
- Secure Fabric Overview
- Creating Secure Fabric and Sites
- Editing or Deleting a Secure Fabric
- Policy Enforcement Groups Overview
- Creating Policy Enforcement Groups
- Threat Prevention Policy Overview
- Creating Threat Prevention Policies
- Threat Policy Analysis Overview
- Geo IP Overview
- Creating Geo IP Policies
- Manual Configuration-Sky ATP
- Configuring Cloud Feeds Only
- Configuring No Sky ATP (No Selection) (without Guided Setup)
- Migration Instructions for Spotlight Secure Customers
- Reports
- Administration
- My Profile
- Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- Users and Roles-Roles
- Domain RBAC Overview
- Creating Customized Roles in Security Director
- Understanding Roles in Security Director
- Editing, Cloning, and Deleting Roles in Security Director
- Viewing the Details of a Role in Security Director
- Importing and Exporting Roles in Security Director
- Roles Main Page Fields
- Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Editing and Deleting Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- Users and Roles-Remote Profiles
- Logging Management
- Logging Management-Logging Nodes
- Logging Management-Statistics & Troubleshooting
- Logging Management-Logging Devices
- Monitor Settings
- Signature Database
- Migrating Content from NSM to Security Director
Sky ATP Overview
Sky ATP is a cloud-based solution that integrates with Policy Enforcer. Cloud environments are flexible and scalable, and a shared environment ensures that everyone benefits from new threat intelligence in near real-time. Your sensitive data is secured even though it is in a cloud shared environment. Security administrators can update their defenses when new attack techniques are discovered and distribute the threat intelligence with very little delay.
Sky ATP offers the following features:
- Communicates with firewalls and switches to simplify threat prevention policy deployment and enhance the anti-threat capabilities across the network.
- Delivers protection against “zero-day” threats using a combination of tools to provide robust coverage against sophisticated, evasive threats.
- Checks inbound and outbound traffic with policy enhancements that allow users to stop malware, quarantine infected systems, prevent data exfiltration, and disrupt lateral movement.
- Provides deep inspection, actionable reporting, and inline malware blocking.
- Provides feeds for GeoIP, C&C, whitelist and blacklist, infection hosts, custom configured feeds and file submission.
Figure 77 lists the Sky ATP components.
Figure 77: Sky ATP Components
Table 280 briefly describes each Sky ATP component’s operation.
Table 280: Sky ATP Components
Component | Operation |
|---|---|
Command and control (C&C) cloud feeds | C&C feeds are essentially a list of servers that are known command and control for botnets. The list also includes servers that are known sources for malware downloads. See Command and Control Servers Overview. |
GeoIP cloud feeds | GeoIP feeds is an up-to-date mapping of IP addresses to geographical regions. This gives you the ability to filter traffic to and from specific geographies in the world. |
Infected host cloud feeds | Infected hosts indicate local devices that are potentially compromised because they appear to be part of a C&C network or other exhibit other symptoms. See Infected Hosts Overview. |
Custom Feeds | Lists you customize by adding IP addresses, domains, and URLs to your own lists. See Custom Feed Sources Overview. |
Whitelists and blacklists | A whitelist is simply a list of known IP addresses that you trust and a blacklist is a list that you do not trust. See Creating Whitelists and Blacklists. |
Malware inspection pipeline | Performs malware analysis and threat detection. |
Internal compromise detection | Inspects files, metadata, and other information. |
Related Documentation
- Sky ATP Realm Overview
- Using Guided Setup for Sky ATP
- Configuring Sky ATP (No SDSN and No Guided Setup) Overview
Feedback Received. Thank You!
Previous
Benefits of Policy Enforcer