Secure Fabric Overview
Secure Fabric is a collection of sites which contain network devices (switches, routers, firewalls, and other security devices), used in policy enforcement groups. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong. This is how threat prevention is aggregated across your secure fabric.
Add Enforcement Points—Click the Add Enforcement Points link to add Firewalls, Switches, and/or Connectors. There is a one-to-one mapping between devices with sites. If a device is mapped to a site, you cannot use the same device to map to a different site. The connector can be mapped to multiple sites. To filter by type, click the three vertical dots beside the search field and select the check box for the device type. See Creating Secure Fabric and Sites for more information.
Drag and Drop Enforcement Points—From the main page, you can select enforcement points and drag them to other sites to include them there. When you drag, the enforcement point is disenrolled from the current site and gets enrolled to the new site where the enforcement point is dropped.
You can either have switches or a connector as enforcement points and not both. However, you can drag a switch and add to a site that already has a switch or SRX Series device.
Table 1 shows fields on the Secure Fabric page.
Table 1: Secure Fabric Page Fields
Specifies the name of the secure fabric site.
Specifies the name of the secure fabric tenant.
Specifies the enforcement points for that particular site, if enforcement points are already added. If not added, click Add Enforcement Points to add Firewalls, Switches, or Connectors as enforcement points.
A firewall icon is shown against some of the devices to indicate that they are the perimeter firewalls.
For connectors, if you hover over the enforcement point, a tool tip is shown listing the corresponding vSRX devices with IP addresses and descriptions.
Note: If tenant is configured to the site, only MX Series device can be added as enforcement points.
Specifies the IP address of the enforcement point, if the enforecement point is available.
Specifies the type of the enforcement point. For example, vSRX, QFX, Connector.
Specifies the feed source to Policy Enforcer.
SKYATP Enroll Status
Specifies the status of the SkyATP enrollment.
The Success status with a warning symbol indicates that the device is enabled for cloud feeds only and there is no support for malware capability and enhanced mode. This field will be blank if the device fails to disenroll SkyATP.
If the status is Failed, click Retry to enroll the device with Sky ATP again. You can hover over the Failed status to see the corresponding job details. The device enroll retry option is available only when the status is Failed.
Specifies the date on which the Secure Fabric page was last updated.
Specifies the description that you had entered at the time of creating a secure fabric site.