
ForeScout CounterACT Integration with Juniper SDSN

This quick start guide enables you to configure the ForeScout CounterACT connector on Policy Enforcer. Before you configure the ForeScout connector, ensure that ForeScout CounterACT is installed and running with the Open Integration Modules (OIM). The ForeScout OIM consists of two plugins: Data Exchange (DEX) and WebAPI. Install both plugins and ensure that both are running.

If you do not have CounterACT installed in your network, obtain an evaluation copy from here.

This topic includes the following sections:

Configuring the DEX Plugin

The DEX module receives API information on infected hosts from the ForeScout connector. The infected host messages can be either block or quarantine. An additional property, Test, is also configured under this module. This property ensures that the web services are available for Policy Enforcer, monitors the network status, and validates the username and password.

Procedure

To configure the DEX plugin:

  1. Select Tools > Options > Data Exchange (DEX) in the CounterACT UI.

    The Data Exchange configuration page appears.

  2. In the Data Exchange page, select CounterACT Web Services > Accounts tab, as shown in Figure 98.

    Figure 98: DEX Accounts Page

  3. Select Add.

    The Add page appears.

  4. In the Name field, enter the name for the CounterACT web service account.

    Use this name as DEX User Role while creating the ForeScout connector in Security Director.

  5. In the Description field, enter a brief description of the purpose of the web service account.
  6. In the Username field, enter the username for authorizing CounterACT to access the web service account.
  7. In the Password field, enter the password for authorizing CounterACT to access this web service account.
  8. Click OK.
  9. In the Properties tab, select Add.

    The General pane of the Add Property from CounterACT Web Service wizard opens.

  10. Add properties such as block, quarantine, and Test, as shown in Figure 99.

    You must include the Test property. Otherwise, you cannot add CounterACT as a third-party connector to Policy Enforcer successfully.

    Figure 99: DEX Properties Page

  11. In the Security Settings tab, specify the IP address or an IP address range from where communication is expected, as shown in Figure 100.

    Although not recommended, you can configure the All IPs option to allow communication with Policy Enforcer.

    Figure 100: DEX Security Settings Page

  12. Click OK.

    The IP address or a range appears in the IP Address Range list.

  13. In the DEX page, select Apply.

    The configuration is saved and the status is displayed.

Configuring the Web API Plugin

The Web API plugin permits external entities to communicate with CounterACT using simple yet powerful web service requests based on HTTP interaction. Configure the Web API module to create an account for Policy Enforcer integration.

Procedure

To configure the Web API module:

  1. Select Tools > Options > Web API.

    The Web API page appears.

  2. In the User Settings tab, select Add.

    The Add Credentials dialog appears.

  3. Use the same username and password that you have created for the DEX configuration and click OK, as shown in Figure 101.

    Figure 101: Web API User Settings Page

  4. Select the Client IPs tab and click Add.

    The Add IP Range page appears.

  5. Specify the IP address or an IP address range from where the communication is expected, as shown in Figure 102.

    Although not recommended, you can configure the All IPs option to permit communication with Policy Enforcer.

    Figure 102: Web API Client IPs Page

  6. Click Apply to save and apply your configuration.
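
The IP restrictions entered in the DEX Security Settings tab and in the Web API Client IPs tab can be checked before they are applied. The following Python check is an added example, not part of the Juniper or ForeScout documentation; the addresses, the (start, end) range representation, and the MAX_ADDRESSES threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values; replace them with the ranges entered in the
# DEX Security Settings tab and the Web API Client IPs tab.
POLICY_ENFORCER_IP = "192.0.2.10"                  # hypothetical address
DEX_RANGES = [("192.0.2.10", "192.0.2.10")]
WEBAPI_RANGES = [("0.0.0.0", "255.255.255.255")]   # equivalent to All IPs
MAX_ADDRESSES = 16                                 # assumed local threshold


def audit_ranges(name, ranges, enforcer_ip, max_addresses=MAX_ADDRESSES):
    """Return a list of findings for one plugin's allowed IP ranges."""
    enforcer = ipaddress.ip_address(enforcer_ip)
    findings = []
    covered = False
    for start_s, end_s in ranges:
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        # Mixed IPv4/IPv6 bounds or a reversed range cannot be evaluated.
        if start.version != end.version or start > end:
            findings.append(f"{name}: invalid range {start_s}-{end_s}")
            continue
        size = int(end) - int(start) + 1
        if size == 2 ** start.max_prefixlen:
            findings.append(f"{name}: range {start_s}-{end_s} allows all IPs")
        elif size > max_addresses:
            findings.append(f"{name}: range {start_s}-{end_s} allows {size} addresses")
        if start.version == enforcer.version and start <= enforcer <= end:
            covered = True
    if not covered:
        findings.append(f"{name}: Policy Enforcer {enforcer_ip} is not allowed")
    return findings


def audit_connector(dex_ranges, webapi_ranges, enforcer_ip):
    """Audit both plugins; each one keeps its own allowed-IP list."""
    return (audit_ranges("DEX", dex_ranges, enforcer_ip)
            + audit_ranges("Web API", webapi_ranges, enforcer_ip))


if __name__ == "__main__":
    for finding in audit_connector(DEX_RANGES, WEBAPI_RANGES, POLICY_ENFORCER_IP):
        print(finding)
```

An empty result means both plugins accept the Policy Enforcer address and neither range is wider than the chosen threshold.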

Creating ForeScout CounterACT Connector in Security Director

After you configure the DEX and Web API modules, create a connector for ForeScout CounterACT in Security Director.

Procedure

To create a ForeScout CounterACT connector in Junos Space Security Director:

  1. Select Security Director > Administration > Policy Enforcer > Connectors.

    The Connectors page appears.

  2. Click the create icon (+).

    The Create Connector page appears.

  3. In the General tab, select the Connector Type as ForeScout CounterACT and provide the username, DEX User Role, and password, as shown in Figure 103. Specify the port number as 443 for communication.

    Figure 103: Edit Connector Page

  4. In the Network Details tab, configure the IP subnets, as shown in Figure 104.

    CounterACT treats the IP subnets as endpoints and takes action.

    Figure 104: Edit Connector - Network Details Page

  5. In the Configuration tab, specify the WebAPI username and password, as shown in Figure 105.

    Figure 105: ForeScout Connector - Configuration Tab

  6. Click Finish.

    A new ForeScout CounterACT connector is created.

  7. Verify that the communication from Policy Enforcer to CounterACT is working.

Once the initial setup is completed, in the CounterACT UI, create policies for CounterACT to take the necessary action on the infected hosts. The block or quarantine appears as a host property, as shown in Figure 106.

Figure 106: Host Information


Table 300 shows the recommended actions performed by CounterACT for the infected hosts (block or quarantine).

Table 300: Recommended Action for the Infected Hosts

| Infected Host Policy Enforcer Action | Connection State | Action Performed by CounterACT |
|---|---|---|
| Block | Wired | Apply ACL to block inbound and outbound for a specific MAC address. |
| Block | Wireless | Apply WLAN block on the endpoint, which will block the traffic based on the wireless MAC address. |
| Block | Dot1x | Apply CoA |
| Quarantine | Wired | Apply VLAN. This is specified by Policy Enforcer. |
| Quarantine | Wireless | Apply VLAN. This is specified by Policy Enforcer. |
