Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating Sky ATP Realms and Enrolling Devices or Associating Sites

 

You can select a geographical location and enter your Juniper Sky ATP credentials to create a realm and associate sites or devices with the realm.

If you do not have a Juniper Sky ATP account, select a geographical region and click here. You are redirected to the Juniper Sky ATP account page.

Before You Begin

  • Understand which type of Juniper Sky ATP license you have: free, basic, or premium. The license controls which Juniper Sky ATP features are available.

  • To configure a Juniper Sky ATP realm, you must already have a Juniper Sky ATP account with an associated license.

  • Ensure that the internet connectivity is available for Policy Enforcer. Without the internet connectivity, you cannot create a realm.

  • Decide which region will be covered by the realm you are creating. You must a select a region when you configure a realm.

  • Note that adding a device to a realm results in one or more commit operations occurring on the device to apply the Juniper Sky ATP or Policy Enforcer configuration.

To configure a Sky ATP Realm:

  1. Select Configure>Threat Prevention>Feed Sources.

    The Feed Sources page appears.

  2. In the Sky ATP tab, click the + icon to add a realm.
  3. Complete the initial configuration by using the guidelines in Table 1 below.
  4. Click Finish.

Table 1: Fields on the Add Sky ATP Realm Page

Field

Description

Sky ATP Realm Credentials

Location

Select a region of the world from the available choices.

The following options are available in the Location list:

  • North America

  • European Region

  • Canada

  • Asia Pacific

By default, the North America value appears in the list. To know more about the geographic region, see here.

Username

Enter your e-mail address. Your username for Sky ATP is your e-mail address.

Password

Enter a unique string at least 8 characters long. Include both uppercase and lowercase letters, at least one number, and at least one special character (~!@#$%^&*()_-+={}[]|:;<>,./?); no spaces are allowed, and you cannot use the same sequence of characters that are in your username.

Realm

Enter a name for the security realm. This should be a name that is meaningful to your organization. A realm name can only contain alphanumeric characters and the dash symbol. Once created, this name cannot be changed.

Note: When you create a custom feed with a realm, the feed is associated at the site level and not at the realm level. If you modify this realm and associate new sites to it, a warning message is shown that there are custom feeds are associated with this realm. Changing the site information will change the custom feed information. You must go and edit the custom feed that was associated with this realm and verify the realm association.

Site

Site

Select a site to enroll into the realm. If there are no sites associated with the realm, click Create new site. To know more about creating a new site, see Creating Secure Fabric and Sites.

Note:

  • If you are using Juniper Sky ATP without Policy Enforcer, you are not prompted to select a site.

  • Assigning a site to the realm will cause a change in the device configuration in the associated devices.

Unmanaged Devices

Lists all devices from the realm that are not managed in Security Director. You must manually discover them.

If you are using Juniper Sky ATP with Policy Enforcer and you have no devices enrolled in the realm, you are asked to select devices in the box on the left and move them to the right to enroll them. All selected devices are automatically enrolled with Juniper Sky ATP when you finish the guided setup. To disenroll a device, you can edit a realm and move the device back to the left side box.

Note: Adding a device to a realm results in one or more commit operations occurring on the device to apply the Juniper Sky ATP or Policy Enforcer configuration.

Global Configuration

IPv6 Feeds

Enable this option to receive IPv6 feeds (C&C and Geo IP) from Policy Enforcer.

Threat Level Threshold

Select a threshold level to block the infected hosts and to send an e-mail to the selected administrators notifying about the infected host events.

Click the+ sign if you want to add new administrators to the list.

Logging

Enable this option to log the Malware or the Host Status event or both the event types.

Proxy Servers

Click the add icon (+) to enter the trusted IPv4 address of the proxy server, in the Server IP column.

When there is a proxy server between users on the network and a firewall, the firewall might see the proxy server IP address as the source of an HTTP or HTTPS request, instead of the actual address of the user making the request.

With this in mind, X-Forwarded-For (XFF) is a standard header added to packets by a proxy server that includes the real IP address of the client making the request. Therefore, if you add trusted proxy servers IP addresses to the list in Juniper Sky ATP, by matching this list with the IP addresses in the HTTP header (X-Forwarded-For field) for requests sent from the SRX Series devices, Juniper Sky ATP can determines the originating IP address.

Note: XFF only applies to HTTP or HTTPS traffic, and only if the proxy server supports the XFF header.

Note

If you enrolled a device into a realm from within Security Director and you want to disenroll it, you must do that from within Security Director. If you enrolled a device into a realm from within Sky ATP and you want to disenroll it, you must do that from within Sky ATP. You cannot disenroll a device from within Security Directory that was enrolled from within Sky ATP.