Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Secure Fabric Overview

 

Secure Fabric is a collection of sites which contain network devices (switches, routers, firewalls, and other security devices), used in policy enforcement groups. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong. This is how threat prevention is aggregated across your secure fabric.

  • Add Enforcement Points—Click the Add Enforcement Points link to add Firewalls, Switches, and/or Connectors. There is a one-to-one mapping between devices with sites. If a device is mapped to a site, you cannot use the same device to map to a different site. The connector can be mapped to multiple sites. To filter by type, click the three vertical dots beside the search field and select the check box for the device type. See Creating Secure Fabric and Sites for more information.

  • Drag and Drop Enforcement Points—From the main page, you can select enforcement points and drag them to other sites to include them there. When you drag, the enforcement point is disenrolled from the current site and gets enrolled to the new site where the enforcement point is dropped.

    You can either have switches or a connector as enforcement points and not both. However, you can drag a switch and add to a site that already has a switch or SRX Series device.

Table 1 shows fields on the Secure Fabric page.

Table 1: Fields on the Secure Fabric Page

Field

Description

Site

Specifies the name of the secure fabric site.

Enforcement Points

Specifies the enforcement points for that particular site, if enforcement points are already added. If not added, click Add Enforcement Points to add Firewalls, Switches, or Connectors as enforcement points.

Model

Specifies the type of the enforcement point. For example, vSRX, QFX.

IP

Specifies the IP address of the enforcement point, if the enforecement point is available.

SKYATP Enroll Status

Specifies the status of the SkyATP enrollment.

If the status is Failed, click Retry to enroll the device with Sky ATP again. You can hover over the Failed status to see the corresponding job details. The device enroll retry option is available only when the status is Failed.

Last Updated

Specifies the date on which the Secure Fabric page was last updated.

Description

Specifies the description that you had entered at the time of creating a secure fabric site.