Configuring Controller API
You must perform some initial configuration and setup activities through the Policy Enforcer UI before you begin using the Controller API.
- Log into the Policy Enforcer UI and configure the threat
prevention type. You can configure Policy Enforcer to run in the following
modes based on the threat prevention type you select:
Cloud only or cloud feeds mode
ATP Cloud mode
ATP Cloud with Policy Enforcer mode
For more information on configuring threat prevention types, see Policy Enforcer Administration Guide.
- Invoke the Config API with HTTP basic authentication using
your Policy Enforcer server SSH user credentials, as shown in the
following example:
POST <context>/api/v2/controller/configs Content-Type: application/json Authorization: Basic <base 64 encoded (<ssh username of Policy Enforcer>:<ssh password of Policy Enforcer>)> configs: {cloudOnly: false, purge_settings: {enable_purge: true, purge_history: 365}, version: "21.2R1-1227",…} cloudOnly: false customOnly: false "ems": {"url": "https://192.168.250.3", "username": "pe_user", "password": “pe-root-pass_pe", "SD_app_sub_version": null,"SD_app_version": "20.3","SD_release_type": "R1","certificateMode": false,"certfile_content": null,"keyfile_content": null} certfile: null certificateMode: false keyfile: null url: "https://10.204.253.148" username: "pe_user" purge_settings: {enable_purge: true, purge_history: 365} enable_purge: true purge_history: 365 sdsn: true sudoUser: "root" syslog: {} version: "21.2R1-1227"Note You must use only https for the ems URL.
Ensure that you are using the correct Policy Enforcer username and password that successfully authenticate Security Director. The password should have _pe as suffix.
The REST API username and password are the new credentials for the REST APIs.
Based on the mode you have selected in the Policy Enforcer UI, you can specify the configuration using the Config API as follows:
- Default mode—You can
configure Policy Enforcer in the Default mode as follows:
"configs": { "sdsn": true "cloudonly": false “customOnly”: true } - Cloud only or cloud feeds mode—You can configure Policy Enforcer in the cloud only or cloud
feeds mode as follows:
"configs": { "sdsn": true "cloudonly": true “customOnly”: false } - ATP Cloud mode—You can
configure Policy Enforcer in the Juniper ATP Cloud mode as follows:
"configs": { "sdsn": false "cloudonly": false “customOnly”: false } - ATP Cloud with Policy Enforcer mode—You can configure Policy Enforcer in the Juniper ATP Cloud
with Policy Enforcer mode as follows:
"configs": { "sdsn": true "cloudonly": false “customOnly”: false }
Note Ensure that the values of
sdsnandcloudonlyreflect the mode you have selected in the Policy Enforcer UI. - You can also use your REST API user credentials for HTTP
basic authentication to make any Policy Enforcer REST API calls. To
do so, you must first create your REST API username and password.
You can use any value as the username and password, for example,
admin/adminorabcd/wxyz.