Introduction

 

This chapter explains how to use the Juniper ATP Appliance command line interface (CLI) to configure and administer a Juniper ATP Appliance.

This chapter contains the following sections:

Accessing the CLI

Hardware Appliance CLI Access via Keyboard and Monitor

  1. Connect the end of the keyboard cable to any of the USB ports on the back panel of the appliance.
  2. Connect the end of the video monitor cable to the VGA port on the back panel of the appliance.
  3. At the CLI prompt, enter your username and password. By default, the admin user name is admin and the password is 1JATP234.

    Be sure to change the default password for the admin account after initial setup; the password must be at least 8 characters in length.

  4. To launch the configuration wizard, enter the command wizard.

Configuration Wizard Command Prompt Progressions

Note

Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.

You may also rerun the Configuration Wizard at any time with the CLI command wizard.

Configuration Wizard Prompts and Customer Responses

Prompt:

Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?

Note: Only if your DHCP response is no, enter the following information when prompted:

  1. IP address
  2. Netmask
  3. Enter a gateway IP address for this management (administrative) interface:
  4. Enter primary DNS server IP address.
  5. Do you have a secondary DNS Server (Yes/No).
  6. Do you want to enter the search domains?
  7. Enter the search domain (separate multiple search domains by space):

Restart the administrative interface (Yes/No)?

Customer Response from All-in-One, Core or Mac Mini, and Collector:

We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.

Recommended: Respond with no:

  1. Enter an IP address.
  2. Enter a netmask using the form 255.255.255.0.
  3. Enter a gateway IP address.
  4. Enter the DNS server IP address.
  5. If yes, enter the IP address of the secondary DNS server.
  6. Enter yes if you want DNS lookups to use a specific domain.
  7. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com

Enter yes to restart with the new configuration settings applied.

Prompt:

Enter a valid hostname (enter a unique name)

Note: Only alpha-numeric characters and hyphens (in the middle of the hostname) are allowed.

Customer Response from All-in-One, Core or Mac Mini, and Collector:

Type a hostname when prompted; do not include the domain; for example:

    juniperatp1

Prompt:

[OPTIONAL] If the system detects a Secondary Core with an eth3 port, then the alternate CnC exhaust option is displayed:

Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?

Enter IP address for the alternate-exhaust (eth2) interface:

Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)

Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)

Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)

Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?

Do you want to enter the search domains for the alternate-exhaust (eth2) interface?

Note: A complete network interface restart can take more than 60 seconds.

Customer Response from All-in-One and from Core or Mac Mini:

Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.

Enter yes to configure an alternate eth2 interface.

Enter the IP address for the eth2 interface.

Enter the eth2 netmask.

Enter the gateway IP address.

Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.

Enter yes or no to confirm or deny an eth2 secondary DNS server.

Enter yes or no to indicate whether you want to enter search domain.

Customer Response from Collector:

[Traffic Collectors do not send or receive Core analysis engine CnC network traffic, so no eth2 interface is needed.]

Prompt:

Regenerate the SSL self-signed certificate (Yes/No)?

Customer Response from All-in-One and from Core or Mac Mini:

Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.

If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.

Customer Response from Collector:

Not applicable to Collector.

Prompt:

Enter the following server attributes:

Is this a Central Manager device:

Device Name: (must be unique)

Device Description

Device Key PassPhrase

Note: Remember this passphrase and use it for all distributed devices!

Customer Response from All-in-One, Core or Mac Mini, and Collector:

Enter Yes; the system will auto-set IP 127.0.0.1 as the All-in-One IP address.

Enter the Juniper ATP Appliance Collector Host Name; this identifies the Collector in the Web UI.

Enter a device Description.

Enter a user-defined PassPhrase to be used to authenticate the Core to the Central Manager.
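
The wizard applies its answers with a restart of the administrative interface, so it helps to check the planned values before typing them in. The following pre-flight check is an added example, not Juniper code; the dictionary keys and the function name are assumed names, and the sample values are constructed.

```python
import ipaddress
import re

DEFAULT_ADMIN_PASSWORD = "1JATP234"  # factory default stated in this guide
# Wizard hostname rule: alphanumerics, hyphens only in the middle.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# Constructed sample answers; the dict keys are assumed names, not wizard syntax.
SAMPLE_ANSWERS = {
    "dhcp": "no", "ip": "10.1.1.2", "netmask": "255.255.255.0",
    "gateway": "10.1.1.1", "dns1": "10.1.1.53", "hostname": "juniperatp1",
    "search_domains": "example.com lan.com dom2.com",
    "admin_password": "Constructed-Pass-01",
}


def check_wizard_answers(a):
    """Return a list of problems found in a dict of planned wizard answers."""
    problems = []
    if a.get("dhcp", "no").lower() != "no":
        problems.append("dhcp: answer no and use a static address")
    iface = None
    try:
        iface = ipaddress.IPv4Interface(f"{a.get('ip')}/{a.get('netmask')}")
        # Prefix lengths and host masks parse too; the wizard wants 255.255.255.0 form.
        if str(iface.netmask) != a.get("netmask"):
            problems.append("netmask: use the dotted form, e.g. 255.255.255.0")
    except ValueError as exc:
        problems.append(f"ip/netmask: {exc}")
    for key in ("gateway", "dns1", "dns2"):
        if key == "dns2" and key not in a:
            continue  # the secondary DNS server is optional
        try:
            addr = ipaddress.IPv4Address(a.get(key))
        except ValueError:
            problems.append(f"{key}: not a valid IPv4 address")
            continue
        if key == "gateway" and iface is not None and (
                addr not in iface.network or addr == iface.ip):
            problems.append("gateway: must be another host on the management subnet")
    if not LABEL_RE.match(a.get("hostname", "")):
        problems.append("hostname: alphanumerics and inner hyphens only, no domain")
    for domain in a.get("search_domains", "").split():
        if not all(LABEL_RE.match(label) for label in domain.split(".")):
            problems.append(f"search domain {domain!r}: invalid label")
    password = a.get("admin_password", "")
    if password == DEFAULT_ADMIN_PASSWORD or len(password) < 8:
        problems.append("admin_password: change the default; use at least 8 characters")
    return problems
```

Calling check_wizard_answers(SAMPLE_ANSWERS) returns an empty list; each string in a non-empty result names the answer to correct before running the wizard.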

Hardware, Software and Virtual Appliance Access via SSH

To access the Juniper ATP Appliance CLI over the management network:

  1. Start a terminal window session and use the ssh command to access the appliance. For example, if the IP address of the appliance is 10.1.1.2, enter the following command:

    ssh admin@10.1.1.2

  2. When prompted, enter your password. By default, the admin user name is admin and the password is 1JATP234.
  3. To launch the configuration wizard, enter the command wizard.

    # wizard

See Configuration Wizard Command Prompt Progressions for steps.

CLI Help and Keyboard Shortcuts

To display Juniper ATP Appliance CLI help, type the command help; it lists the CLI keys and auto-completion usage.

For context-sensitive help, enter “?” to display either a list of possible command completions with summaries or the full syntax of the current command. Entering “?” again once a command has been resolved displays a detailed reference, as described below.

  • Enter “?” at the prompt to display a list of the available commands in the current mode.

  • Enter “?” after you type a command to display its available options and parameters.

  • Enter “?” after a partially typed keyword to display command matches for auto-completions.

You can enter commands in abbreviated form if you enter enough characters to uniquely identify each keyword. For example, the show interface command can be abbreviated as:

sh in

To identify a command’s minimum abbreviation, type a few characters then press Tab. When you have entered enough characters, the keyword is completed.

The following table outlines the available CLI shortcuts.

Table 1: Keyboard Shortcuts

| Action | Shortcut | Description |
|---|---|---|
| Auto-Completion | Enter, Tab or Space Key | Completes a partial command during typing if enough characters are typed to uniquely identify it. |
| Recall | Ctrl+P or ↑ | Retrieve previous command from CLI history. |
| | Ctrl+N or ↓ | Retrieve next command from CLI history. |
| | Ctrl+L or Ctrl+R | Clear the screen or redisplay the current command line. |
| Delete | Ctrl+D | Delete character. |
| | Ctrl+H | Delete character before cursor (Backspace). |
| | Ctrl+K | Delete all characters from cursor to end of line. |
| | Ctrl+U or Ctrl+W | Delete all characters or words on line. |
| Cursor move | Ctrl+A | Move cursor to start of line. |
| | Ctrl+B | Move cursor back a single character. |
| | Ctrl+E | Move cursor to end of line. |
| | Ctrl+F | Move cursor forward a single character. |
| Character Transpose | Ctrl+T | Transpose character at the cursor with preceding character. |
| Interrupt output | Ctrl+C | Interrupt presentation of the CLI output. |
| Replace | !! | Substitute the last command line. |
| | !N | Substitute the Nth command line (absolute as per 'history' command). |
| | !-N | Substitute the command line entered N lines before (relative). |
| Exit mode or logout | exit | Exit current mode or exit the CLI session. |

SPECIAL CHARACTER REQUIREMENT

You must enclose non-alphabet characters in double quotes in CLI commands; for example:

    Juniper ATP Appliance(server)# set passphrase "kfe$nd#$^S"

CLI Modes

The CLI commands that you can enter depend on your user privileges and the CLI command mode. User roles are “admin” and “debugging.” The following table describes the CLI command modes.

Note that the prompt in each mode includes the host name of the Juniper ATP Appliance.

Basic Mode

  Description: Monitor system operation and issue basic system commands. This is the default login mode. The following prompt is displayed:

    JATP#

  How to Exit: Enter exit to log out of the CLI.

CM Mode

  Description: Monitor system history and upgrades from the Core or vCore in cm (Central Manager) mode.

    JATP_Hostname# cm
    JATP_Hostname (cm)# ?

  How to Exit: Enter exit to leave cm mode.

Core Configuration Mode

  Description: To access Core configuration mode in the Core/CM, All-in-One, and Mac Mini, enter “core” in Basic mode. The prompt changes to indicate the mode in parentheses:

    JATP_Hostname# core
    JATP_Hostname (core)# ?

  How to Exit: Enter exit to leave server mode.

Collector Configuration Mode

  Description: Configure the Juniper ATP Appliance Collector (includes all commands). To access Collector configuration mode, enter “collector” in Basic mode. The prompt changes to indicate the mode in parentheses:

    JATP_Hostname# collector
    JATP_Hostname (collector)# ?

  How to Exit: Enter exit to leave server mode.

Diagnosis Packet Capture, Monitoring, GSS Reporting and Configuration Mode

  Description: Check Initial Setup, Diagnose, Monitor, Set GSS, and Configure the Juniper ATP Appliance (includes all commands). To access Diagnosis mode, enter “diagnosis” in Basic mode. The prompt changes to indicate the mode in parentheses:

    JATP_Hostname# diagnosis
    JATP_Hostname (diagnosis)# ?

  How to Exit: Enter exit to leave diagnosis mode.

Server Configuration Mode

  Description: Set up and monitor the system (includes all Basic commands plus server-specific commands). To access Server configuration mode, enter “server” in Basic mode. The prompt changes to indicate the mode in parentheses:

    JATP-Hostname# server
    JATP-Hostname (server)# ?

  How to Exit: Enter exit to leave server mode.

Wizard Configuration Mode

  Description: Configure the system during installation and set up the management network and connected Juniper ATP Appliance components. To access wizard configuration mode, enter “wizard” in Basic mode. The prompt changes to indicate the mode in parentheses:

    JATP-Hostname# wizard
    JATP-Hostname (wizard)# ?

  How to Exit: Enter exit to leave wizard mode.