Juniper ATP Appliance Core/CM Model Specifications
The Juniper ATP Appliance APT Defense Solution Core can be deployed in several different ways to best meet the needs of individual networks: as a hardware appliance, as a software-only ISO image deployed on customer-owned hardware, or as a virtual machine deployed on VMware ESX servers. Technical specifications per Juniper ATP Appliance Core-CM Server model are provided below.
For hardware specifications and setup instructions, refer to the Juniper Networks Advanced Threat Prevention Appliance Hardware Guide for your hardware model.
Firewall & Management Network Interface Connectivity
Connectivity requirements for the Juniper ATP Appliance management interface (eth0) allow for transfer of inspected network and email objects, live malware behavior analysis, intel reporting, and product updates. If the enterprise network firewall uses an outgoing “default allow” rule, this is sufficient. Otherwise, create the following firewall rules:
- SSH port 443 should be open from the Traffic Collector to the Core/CM for traffic inspection and malware behavior analysis, as well as for consolidated communications and software/security content updates.
- The Core engine connects to a separate Secondary Core Mac Mini OSX Engine or Core+CM Secondary Core using TCP port 22. Be sure to open this port when installing a distributed Mac OS X or additional Core+CM (Windows) Secondary Core Engine. All consolidated communications and updates/upgrades take place on eth0. Other ports are reserved in this release.
- If you configure Juniper ATP Appliance Email Collector(s), ports used to access the email server(s) must also be opened. All communications occur across the Juniper ATP Appliance management network via eth0. Other ports are reserved in this release.
- For communication with Juniper ATP Appliance Logging and Update services, the Network Management port (eth0) must be able to communicate to the internet via port 443.
Primary Core/CM and Secondary Cores/Mac Cores must be on the same network and allow all ports, with no Port Address Translation (PAT) or Network Address Translation (NAT).
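The following is an added example, not part of the Juniper documentation or product: a small pre-deployment audit that evaluates a firewall rule set against the flows listed above and checks that the Primary and Secondary Cores share a network. The IP addresses, the /24 prefix, the rule tuple format and the first-match-wins evaluation model are all assumptions made for illustration.

```python
import ipaddress

# Constructed addresses for illustration (not from the Juniper documentation).
CORE = "10.10.0.10"        # Core/CM management interface (eth0)
COLLECTOR = "10.20.0.15"   # Traffic Collector
SECONDARY = "10.10.0.11"   # Secondary Core / Mac Core
INTERNET = "203.0.113.50"  # stand-in for any external logging/update host

# Flows this section says must be permitted: (label, src, dst, TCP port)
REQUIRED_FLOWS = [
    ("collector -> core/cm", COLLECTOR, CORE, 443),
    ("core -> secondary core", CORE, SECONDARY, 22),
    ("core eth0 -> internet", CORE, INTERNET, 443),
]

def first_match(rules, src, dst, port, default="deny"):
    """Return the action of the first rule matching a TCP flow (assumed first-match-wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and (ports == "any" or port in ports)):
            return action
    return default

def blocked_flows(rules, default="deny"):
    """List the required ATP flows that the rule set would not allow."""
    return [label for label, src, dst, port in REQUIRED_FLOWS
            if first_match(rules, src, dst, port, default) != "allow"]

def same_network(a, b, prefix=24):
    """Check that two hosts fall in the same network (prefix length is an assumption)."""
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net

# Constructed rule set: (action, source network, destination network, TCP ports)
SAMPLE_RULES = [
    ("allow", "10.20.0.0/24", "10.10.0.10/32", {443}),
    ("deny",  "10.10.0.0/24", "0.0.0.0/0",     {22}),   # blanket SSH block
    ("allow", "10.10.0.0/24", "0.0.0.0/0",     {443}),
]

if __name__ == "__main__":
    print("blocked required flows:", blocked_flows(SAMPLE_RULES))
    print("cores on same network:", same_network(CORE, SECONDARY))
```

In the constructed rule set, the blanket SSH deny also catches the Core to Secondary Core connection on TCP port 22, which is the kind of rule-ordering problem worth catching before installing a distributed Secondary Core.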