Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 

New and Changed Features

This section describes the new features in Policy Enforcer Release 17.2R1.

  • Implementing threat policy on VMware NSX—Juniper Sky ATP identifies the infected virtual machines(VMs) running on VMware NSX and tags these VMs as infected. This action is based on the malware file exchange from the infected VMs, on the command and control communication with known botnet sites on the internet or both.
  • Sky ATP feature support—–The following Sky ATP features are supported:
    • IMAP e-mail support—You can use the Sky ATP Email Management page to configure e-mail management for IMAP. Enrolled SRX Series devices can transparently submit suspicious e-mails to Sky ATP for inspection and blocking. You can also take action on blocked e-mails, including releasing them and adding them to a blacklist.
    • X-Forwarded-For (XFF) header—XFF is a standard header added to packets by a proxy server that includes the real IP address of the client making the HTTP or HTTPS request. Therefore, if you add trusted proxy server IP addresses to a list in Sky ATP, by matching this list with the IP addresses in the HTTP header (or XFF) for requests sent from SRX Series devices, Sky ATP can determine the originating IP address.
    • Hash lookup—In the Create File Inspection Profile page, the Hash lookup only option is added to the File Categories section.
  • MX routers as enforcement points and DDoS profile support—MX routers can be added as enforcement points to a Secure Fabric. Also, you can now include a DDoS profile when configuring the threat prevention policies and create a custom feed for DDoS.

    The following actions can be taken when DDoS is detected on the MX router:

    • Block—Block a DDoS attack.
    • Rate Limit Value—Limit the bandwidth on the flow route. You can express the rate limit value in Kbps, Mbps, or Gbps units.
    • Forward To—Configure the routing next hop to forward packets for scrubbing.

Modified: 2017-12-26