Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Enroll Your Device with Juniper ATP Cloud


You are here: Device Administration > ATP Management > Enrollment.

Use this page to enroll your SRX device with Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud).

Juniper ATP Cloud is a cloud-based threat identification and prevention solution. It protects your device from malware and sophisticated cyber threats by inspecting e-mail and web traffic for advanced threats. Juniper ATP Cloud integrates with the SRX Series devices to simplify its deployment and enhance the anti-threat capabilities of the SRX device.

ATP uses a Junos OS operation (op) script to help you configure your SRX Series device to connect to the ATP cloud service.

The Junos OS operation (op) script performs the following tasks:

  • Downloads and installs certificate authority (CAs) licenses onto your SRX Series device.

  • Creates local certificates and enrolls them with the cloud server.

  • Performs basic ATP cloud configuration on the SRX Series device.

  • Establishes a secure connection to the cloud server.

Before enrolling a device:

  • Ensure that you have a Juniper ATP Cloud account with an associated license (free, basic, or premium) to configure a Juniper ATP Cloud realm. The license controls the features of the Juniper ATP Cloud. For more information on the Juniper ATP Cloud account, see Registering a Juniper Advanced Threat Prevention Cloud Account.

  • Decide which region the realm you create will cover because you must select a region when you configure a realm.

  • Ensure the device is registered in the ATP cloud portal.

  • In the CLI mode, configure set security forwarding-process enhanced-services-mode on your SRX300, SRX320, SRX340, SRX345, and SRX550M devices to open ports and get the device ready to communicate with ATP cloud.

  • ATP cloud requires that both your Routing Engine (control plane) and Packet Forwarding Engine (data plane) can connect to the Internet.

  • ATP cloud requires the following ports to be open on the SRX Series device: 80, 8080, and 443.

To enroll your device with Juniper ATP Cloud from J-Web:

  1. Proxy Profile Configuration (Optional)
    1. Select an option in the Proxy Profile list and proceed with Step 2.

      • The list displays the existing proxy profiles that you have created using the Proxy Profile page (Security Policies & Objects > Proxy Profiles).

      • The SRX device and Juniper ATP Cloud communicates through the proxy server if a proxy profile is configured. Otherwise, they directly communicate with each other.

    2. Or click Create Proxy to create a proxy profile.

      The Create Proxy Profile page appears.

    3. Complete the configuration by using the guidelines in Table 1.

    4. Click OK.

      A new proxy profile is created.

    5. Click Apply Proxy.

      Applying proxy enables the SRX device and Juniper ATP Cloud to communicate through the proxy server.

    Table 1: Fields on the Create Proxy Profile Page



    Profile Name

    Enter a name for the proxy profile.

    Connection Type

    Select the connection type server from the list that proxy profile uses:

    • Server IP—Enter the IP address of the proxy server.

    • Host Name—Enter the name of the proxy server.

    Port Number

    Select a port number for the proxy profile. Range is 0 to 65535.

  2. Enroll SRX Device with ATP Cloud
    1. Click Enroll.

      The ATP Cloud Enrollment page appears.


      If there are any existing configuration changes, a message appears for you to commit the changes and then to proceed with the enrollment process.

    2. Complete the configuration by using the guidelines in Table 2.

    3. Click OK.

      The SRX device enrollment progress, successful message, or any errors will be shown at the end of the ATP Cloud Enrollment page.

      • A new realm is created if you have enabled Create New Realm and then the SRX device is enrolled to Juniper ATP Cloud. If there is any existing enrollment for the same SRX device, CLI sends the data to Juniper ATP Cloud portal to do the duplicate validation during the enrollment process. You cannot check for the duplicate validation through J-Web.

      • Click Diagnostics to troubleshoot any enrollment errors.

      • Click UnEnroll if you wish to disenroll your device from ATP

    Table 2: Fields on the ATP Cloud Enrollment Page



    Create New Realm

    By default, this option will be disabled if you have an ATP Cloud account with an associated license.

    Enable this option to add a new realm if you do not have an ATP Cloud account with an associated license.


    Select a region of the world from the list.


    Enter your E-mail address.


    Enter a unique string at least eight characters long. It must include both uppercase letters, lowercase letters, and at least one number. It can also include special characters. No spaces are allowed and you cannot use the same sequence of characters that are in your e-mail address.

    Confirm Password

    Reenter the password.

    Company Name

    Enter a company name to enroll into the realm. A company name can only contain alphanumeric characters, special characters (underscore and dash).


    Enter a name for the security realm. This should be a name that is meaningful to your organization. A realm name can only contain alphanumeric characters and the dash symbol. Once created, this name cannot be changed.