This in an outline of the configuration tasks you must complete to configure Cloud feeds only threat prevention.
Note Since devices are not enrolled to Sky ATP in Cloud feed only mode, there is no information to display under Monitor > Threat Prevention, and therefore those screens are unavailable.
A Sky ATP license and account are needed for the following (Sky ATP with SDSN, Sky ATP, and Cloud feeds only). If you do not have a Sky ATP license, contact your local sales office or Juniper Networks partner to place an order for a Sky ATP premium license. If you do not have a Sky ATP account, when you configure Sky ATP, you are redirected to the Sky ATP server to create one. Please obtain a license before you try to create a Sky ATP account. Refer to Obtaining a Sky ATP License for instructions on obtaining a Sky ATP premium license.
Before you configure Cloud Feeds you must enter the IP address and login credentials for the policy enforcer virtual machine. Go to Administration > Policy Enforcer > Settings. Once this information is entered, you can begin the setup process. See Policy Enforcer Settings. (Refer to Deploying and Configuring the Policy Enforcer with OVA files for instructions on downloading Policy Enforcer and creating your policy enforcer virtual machine.)
To configure Security Director for Cloud feed only threat prevention, do the following:
Note Cloud feed only configuration is similar to Sky ATP (without SDSN) configuration. The only differences being that devices do not have to be enrolled to Sky ATP and the only threat prevention types available are command and control server and Geo IP.
In the UI, navigate to Configure>Threat Prevention>Sky ATP Realms. Click the + icon to add a new Sky ATP realm.
See Creating Sky ATP Realms and Enrolling Devices or Associating Sites for details.
In the UI, navigate to Devices >Secure Fabric. Click the + icon to create a new site.
See Creating Secure Fabric and Sites for details.
In the UI, navigate to Configure>Shared Objects>Policy Enforcement Groups. Click the + icon to create a new policy enforcement group.
See Creating Policy Enforcement Groups for details.
In the UI, navigate to Configure>Threat Prevention >Policy. Click the + icon to create a new threat prevention policy.
See Creating Threat Prevention Policies for details.
You must select your Geo IP policy as the source and/or destination of a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies.
.
© 2020 Juniper Networks, Inc. All rights reserved