Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Modifying Sky ATP Realm

 

Use the Modify Sky ATP Realm page to modify the site information and global configuration information of an existing Sky ATP realm. You can also view devices from the realm that are not managed by Security Director.

In the Global Configuration section, you can add trusted proxy server IP addresses to Sky ATP. When there is a proxy server between users on the network and a firewall, the firewall might see the proxy server IP address as the source of an HTTP or HTTPS request instead of the actual address of the user making the request.

With this in mind, X-Forwarded-For (XFF) is a standard header added to packets by a proxy server that includes the real IP address of the client making the request. Therefore, if you add trusted proxy servers IP addresses to the list in Sky ATP, by matching this list with the IP addresses in the HTTP header (X-Forwarded-For field) for requests sent from the SRX Series devices, Sky ATP can determine the originating IP address.

Note

X-Forwarded-For (XFF) only applies to HTTP or HTTPS traffic, and only if the proxy server supports the XFF header.

To modify a Sky ATP realm:

  1. Select Configure > Threat Prevention > Sky ATP Realms.

    The Sky ATP Realms page appears.

  2. Select the realm and click the pencil icon to modify the configuration.

    The Modify Sky ATP Realm page appears.

  3. Complete the configuration by using the guidelines in Table 1.
  4. Click Finish to complete the configuration or Cancel to discard the changes.
Note

Assigning a site to the realm will cause a change in the device configuration in the associated devices.

Table 1: Fields on the Modify Sky ATP Realm page

Field

Description

Site

Site

Select a site to enroll into the realm. If there are no sites associated with the realm, click Create new site.

Unmanaged Devices

Lists all devices from the realm that are not managed in Security Director. You must manually discover them.

Global Configuration

Threat Level Threshold

Select a threshold level to block the infected hosts and to send an e-mail to the selected administrators notifying about the infected host events.

Logging

Enable logging for the Malware or the Host Status event.

Proxy Servers

Click the add icon (+) to enter the IPv4 address of the proxy server, in the Server IP column.

You can also edit the existing IP address or delete them.

Related Documentation