Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Using Guided Setup for No Sky ATP (No Selection)

Guided Setup is the most efficient way to complete your initial configuration. Locate Guided Setup from the Configuration > Guided Setup > Threat Prevention menu.

You would make no Sky ATP selection to configure SDSN using only custom feeds. Custom feeds are the only threat prevention type available if you make no selection for Sky ATP Configuration Type in the Policy Enforcer Settings page.

Before You Begin

  • Before you begin the guided setup process, you must enter the IP address and login credentials for the policy enforcer virtual machine on the Policy Enforcer Settings page. If you haven’t yet done that, go to Administration > Policy Enforcer > Settings and enter the necessary information. See Policy Enforcer Settings for more information.

  • There are some concepts you should understand before you begin the configuration. It is recommended you read about them here in advance. Policy Enforcer Configuration Concepts.

The Guided Setup process offers four steps for configuring threat prevention with custom feeds (No Sky ATP selection). Click Start Setup to begin.

Procedure

  1. Secure Fabric—Secure Fabric is a collection of network devices (switches, routers, firewalls, and other security devices), used by users or user groups, to which policies for aggregated threat prevention are applied. Once created, secure fabric is located under Devices. For secure fabric, the following is configured:
    • Sites—A site is a collection of network devices participating in threat prevention. Using quick setup, you can create your own site, but note that a device can only belong to one site and you must remove it from the any other site where it is used to use it elsewhere.

      Click Add Devices in the Device Name column or in the IP address column to add devices to a site. Using the check boxes in the device list, you should indicate which devices are firewalls or switches.

  2. Policy Enforcement Group—A policy enforcement group is a grouping of endpoints ready to receive advance threat prevention policies. Create a policy enforcement group by adding endpoints (firewalls and switches) under one common group name and later applying a security policy to that group. For policy enforcement group, the following is configured:
    • Once configured, policy enforcement groups are located under Configure > Shared Objects. A policy enforcement groups has the following fields:

      • Name and Description.

      • Group Type—IP Address, Subnet, or Location

      • Endpoint—IP addresses included in the group

  3. Custom Feeds— Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources. In this case, the feeds are customized by adding IP addresses, domains, and URLs to your own lists.

    The following types of custom threat feeds are available:

    • Dynamic Address—A dynamic address is a group of IP addresses that can be imported from external sources. These IP addresses are for specific domains or for entities that have a common attribute such as a particular undesired location that poses a threat. You can then configure security policies to use the dynamic addresses within a security policy.

    • Whitelist—A whitelist contains known trusted IP addresses, URLs, and domains. Content downloaded from locations on the whitelist does not have to be inspected for malware.

    • Blacklist—A blacklist contains known untrusted IP addresses, URLs, and domains. Access to locations on the blacklist is blocked, and therefore no content can be downloaded from those sites.

    • Infected Host—Infected hosts are hosts known to be compromised.

  4. Threat Prevention Policy—A threat prevention policy requires you to create a name for the policy, choose one or more profile types depending on the type of threat prevention this policy provides (infected hosts), and select a log setting. Once configured, you apply policies to policy enforcement groups.
    • Once configured, threat prevention policies are located under Configure > Threat Prevention > Policies. A policy has the following fields:

      • Name and Description.

      • Profiles—The type of threat this policy manages:

        • Infected Hosts—An infected host profile would provide information on compromised hosts and their associated threat levels. Host information includes IP address, threat level, blocked status, when the threat was seen, command and control hits, and malware detections.

      • Logging—All traffic is logged by default. Use the pulldown to narrow the types of traffic to be logged.

    • Group—Once your policy is created, it is applied to the policy enforcement group.

  5. The last page is a summary of the items you have configured using quick setup. Click OK to be taken to the Policies page under Configure > Threat Prevention > Policies and your policy is listed there.
  6. You must update to apply your new or edited policy configuration. Clicking the Ready to Update link takes you the Threat Policy Analysis page. See Threat Policy Analysis Overview. From there you can view your changes and choose to Update now, Update later, or Save them in draft form without updating.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit