Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Policy Enforcer Installation Overview

    Table 1 lists the general steps to install and configure Policy Enforcer.

    Table 1: Overview of Steps to Install and Configure Policy Enforcer

    Step

    Description

    See

    1

    Install and configure Junos Space and Security Director 16.1 or later.

                   

    Note: After installing Junos Space and Security Director, you must update to the latest Junos Space device schema. See your Junos Space Security Director documentation for more information on upgrading your schema.

    Junos Space Network Management Platform software download

                   

    Junos Space Security Director software download

    2

    Install and configure your SRX Series devices, EX Series switches or QFX Series switches. Switches are “discoverable” through Junos Space.

    For information on discovering switches, see Using Guided Setup for Sky ATP with SDSN.

    Juniper Tech Library

    3

    Download, deploy and configure the Policy Enforcer virtual machine.

    You install Policy Enforcer on an industry-standard x86 server running a hypervisor, either the kernel-based virtual machine (KVM) hypervisor or the VMware ESXi hypervisor.

    Deploying and Configuring the Policy Enforcer with OVA files

    Installing Policy Enforcer with KVM

    4

    Use the Policy Enforcer Settings screen in Security Director (Administration > Policy Enforcer Settings) to identify the Policy Enforcer virtual machine to communicate with.

    Identifying the Policy Enforcer Virtual Machine In Security Director

    5

    Obtain a Sky ATP license and create a Sky ATP portal account.

    Obtaining a Sky ATP License

                   

    Creating a Sky ATP Cloud Web Portal Login Account

    6

    Install the root CA on your Sky ATP-supported SRX Series devices.

    Loading a Root CA

    7

    Configure ClearPass or Cisco ISE as a connector for third-party products (non-Juniper Networks) to unify policy enforcement across all network elements.

    ClearPass Configuration for Third-Party Plug-in

    Cisco ISE Configuration for Third-Party Plug-in

    8

    Use the Guided Setup screens in Security Director to configure Threat Prevention policies and deploy to devices. Optionally, you can configure policies without guided setup.

    Using Guided Setup for Sky ATP with SDSN

                   

    Using Guided Setup for Sky ATP

    Modified: 2018-02-20