Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Core/CM Server CLI Commands

 

This chapter describes the commands for available for Juniper ATP Appliance Core/CM or vCore servers. These commands are used to configure devices and software, manage security events, and show system information and status.

You must enclose non-alphabet characters in double quotes in CLI commands.

Basic Mode Commands

Use general system commands to configure the appliance, view appliance history, enter other CLI modes, obtain help with CLI syntax, and to exit the CLI session.

The general commands are:

Refer to the respective sections in this guide to review Diagnosis Mode, CM Mode, Collector Mode and Server Mode commands per product device.

CM Commands

Core Mode Commands

Server Mode Commands

Diagnosis Mode Commands

CoreCM CLI Commands

capture-start

Table 1: capture-start

Description

Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.

See Also:diagnosis[mode];copy

Product(s) CLI

All-in-One | Collector | Core | Mac OS X Detection Engine

Mode(s)

Diagnosis

Syntax

capture-start

Parameters

<IP address> <interface_name>

Sub-Commands

None

Example

The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:

hostname # diagnosis

hostname (diagnosis)# capture-start 8.8.8.8 eth1

Note: Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.

cm

Table 2: cm

Description

Enters cm (Central Manager) mode.

See Also: basic [mode];

Product(s) CLI

All-in-One | Core

Mode(s)

Basic

Syntax

cm

Parameters

None

Sub-Commands

exit | help | history | upgrade

Example

The following command example enters cm configuration mode:

hostname # cm

hostname (cm)#

core

Table 3: core

Description

Enters core mode.

See Also: basic [mode];

Product(s) CLI

All-in-One | Collector | Core | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

core

Parameters

None

Sub-Commands

exit, help, history, show, updateimage

Example

The following command example enters core configuration mode:

hostname # core

hostname (core)#

copy

Table 4: copy

Description

Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.

The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.

See Also:diagnosis[mode];capture-start

Product(s) CLI

All-in-One | Collector | Core-CM | Mac OSX Engine

Mode(s)

Diagnosis

Syntax

copy capture <scp source_file_name username@destination_host:destination_folder> | traceback {<tab> | ALL} <string URI as user@hostname:path

Parameters

copy capture <scp remote filename_location>

copy traceback <ALL | filename>

copy traceback <tab> [tab displays all available crash filenames]

Sub-Commands

None

Example

The following example copies the file "Eth1.txt" from the local host to a remote host:

hostname (diagnosis)# copy capture scp captureEth1.txt

admin@remotehost.edu:/some/remote/directory

diagnosis

Table 5: diagnosis

Description

Enters the Diagnosis configuration and status check mode.

See Also: collector [mode], server [mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

diagnosis

Parameters

None

Sub-Commands

capture-start; copy; exit; gssreport;help;history;set (server mode);setupcheck;show (diagnosis mode);show (server mode)

Example

The following example enters diagnosis configuration and status check mode:

hostname # diagnosis

hostname (diagnosis)# ?

exit

Table 6: exit

Description

Ends the CLI session.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

exit

Parameters

None

Example

The following example ends a command mode or CLI session.

JATP# (diagnosis) exit
JATP#

gssreport

Table 7: gssreport

Description

Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.

See Also:gssreport;diagnosis[mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

diagnosis

Syntax

gssreport status | submit

Parameters

status - displays the status of the current GSS report.

submit - submits a report to Juniper ATP Appliance GSS.

Sub-Commands

None

Example

The following examples display the status of a GSS report submission:

	hostname # diagnosis				
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322:
successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259:
successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512:
successfully submitted

help

Table 8: help

Description

Displays information about the CLI help system.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

help

Parameters

None

Example

The following example shows some of the output of the help command.

CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist

history

Table 9: history

Description

Displays the current CLI session command line history.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

history

Parameters

None

Example

The following examples returns command line history for the current CLI session.

JATP# (core) history

ifrestart

Table 10: ifrestart

Description

Restarts the interface driver and services using the interface.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ifrestart eth0 | eth1

Parameters

eth0  		Restarts the management network administra interface.
eth1  		Restarts the monitoring network interface.

Example

The following example restarts the eth0 interface for the management network.

<FireEye_name># ifrestart eth0

ping

Table 11: ping

Description

Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ping [-c count] [-h hops] [string]

Parameters

-ccount

Number of echo requests to send. By default, pings ar continuously until you press Ctrl+C.

-hhops

Number of next hops between pings (default is 1).

string

IP address, hostname or interface name used to ping device address

Example

The following example sends three echo requests to the device with the IP Address 10.10.10.1

<FireEye_name># ping -c 3 10.10.10.1

PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314 ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277 ms
64 bytes from v: icmp_req=3 ttl=64 time=0.274 m
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms

reboot

Table 12: reboot

Description

Reboots the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

reboot

Parameters

None

Example

The following example reboots the system.

hostname# reboot

restart

Table 13: restart

Description

Restarts Juniper ATP Appliance services.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]

Parameters

all

Restarts all Juniper ATP Appliance services.

behaviorengine

Restarts the Behavioral Analysis Engine

cm

Restarts the Central Manager Web UI service.

collector

Restarts the Collector service.

core

Restarts the Core Detection Engine.

correlationengine

Restarts the Correlation Engine.

database

Restarts the Database.

ntpserver

Restarts the NTP server.

sshserver

Restarts the SSH server.

staticengine

Restarts the Static Analysis Engine.

webserver

Restarts the web server.

Example

The following example restarts the Central manager service.

JATP# restart cm

restore

Table 14: restore

Description

Restores the system configuration to the factory default settings. This will only reset the password to default temporarily.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

server

Syntax

restore [support | firewall {backup | default} | hostname | network]

Parameters

support

Restores the default support password setting remote login (set during initial installation per l See also (server)# set (server mode)

firewall {backup | default}

Restores the firewall settings from either the pr backup, or from the default factory settings.

Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.

hostname

Restores the system’s hostname to the factory hostname.

network

Restores the IP address and DNS settings to th factory default settings.

 

Warning: This command option removes the IP address and DNS settings, and reloads the d values for these settings.

Example

The following example restores the system.

JATP# restore

This next example restores the SSH login “support” password to the default

JATP # restore support password

Restore the default support password? (Yes/No)? yes

support password was restored successfully!

set (core mode)

Table 15: set

Description

Resets the Secondary Core UUID, if the virtual core is cloned.

Product(s) CLI

Core/CM (Virtual Core)

Mode(s)

Core (for Virtual Core configurations)

Syntax

set id

Sub-Commands

None

Example

The following example sets the Virtual Core appliance id:

hostname # core
hostname (core) # set id
<cr>

server

Table 16: server

Description

Enters the server configuration mode.

Product(s) CLI

All-in-One | Collector | Core/CM | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

server

Sub-Commands

exit;help;history;ifrestart;ping;reboot;restore;set (server mode);show (server mode);traceroute;upgrade

Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.

Example

The following example enters server configuration mode:

hostname # server
hostname (server) # ?

set system-alert (server mode)

Table 17: set system-alert

Description

Configure the traffic threshold and checking interval for the Collector “monitored traffic” health status.

When the monitored traffic of a collector within the checking interval time is lower than the threshold, a system health alert is generated. You can send an email notification of the alert if email notifications of system health events are configured.

Product(s) CLI

All-in-One | Core CM

Mode(s)

Server, See Also:set (diagnosis mode); set (collector mode); show

Syntax

set system-alert traffic <integer> time <interval>

Note: Note that both "traffic" and "time" parameters are required in order to set the threshold for both the minimum traffic and time.

Parameters

traffic - the minimum traffic (in KB)
interval - the checking interval (in minutes)

Example

JATP (server) # set system-alert traffic 100 time 30

This example sets the system alert such that, if the total monitored traffic of a collector within the last 30 minutes dips lower than 100KB, then a system health alert will be generated (and users will receive an email notification of the alert if email notifications are configured for system health events).

By default this alert is disabled, and users must set the minimum traffic and interval in order to enable it. Also note that all bytes seen on Ethernet frames are counted in the traffic.

The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the minimum interval is set to less than 10 minutes, no alerts will be triggered.

set (server mode)

Table 18: set

Description

Configure the system settings.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server, See Also: set (diagnosis mode); set (core mode); show (core mode)

Syntax

set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {enable | disable} localmode {enable | disable}| passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip interface {management | alternate-exhaust}| ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]

Parameters

Note: vCore for AWS does not use the following CLI commands:

set ip

set hostname

[Users cannot set static IP address or change the hostname directly on an EC2 AWS instance]

(See columns below)

 
autoupdate {content | software} {on | off}
cli secs

clock

cm address
set support {enable | disable} | {localmode}

dns

firewall {all <backup | flush> | whitelist <add | delete | flush>}
hostname string
ip interface {management | alternateexhaust} <dhcp | address | netmask | gateway}

Turn on or off automatic product updates.

set autoupdate content on

Sets CLI period in seconds (0 indicates no timeout).

Sets the current date and time.

Sets the IP address of the Central Manager and netmask using slash notation; ex: AAA.BBB.CCC.DD/X

Enables remote SSH login “support” account or localmode enable|/disable.

Sets DNS (or enables DHCP for DNS) for the management interface by default if interface is unspecified.

Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall.

The “add” option adds an IP address to the iptables outbound whitelist.

# set firewall whitelist add 10.1.1.1

Sets the system’s host name.

Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface.

ntpserver
passphrase string
password

Sets the Network Time Protocol (NTP) server.

Sets the device key password; enter a string.

Sets a new password for the CLI administrator.

proxy {config <all|http> | enable <on|off> | remove <all|http>}

Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.

Tip: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.

timezone string

Sets the timezone for the device.

uipassword

Sets a new admin password for CM Web UI access.

Examples

The following example enables a proxy server.

JATP (server)# set proxy enable on

set appliance-type (server mode)

Table 19: set appliance-type

Description

Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.

Product(s) CLI

All-in-One | Core CM | Collector

Mode(s)

server

Syntax

jatp:AIO#(server)# set appliance-type core-cm

Parameters

all-in-one

core-cm

email-collector

traffic-collector

Example

The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:

jatp:AIO#(server)# set appliance-type core-cm
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)? Yes

set (diagnosis mode)

Table 20: set

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also:set (server mode)

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

set logging all

Parameters

all

Sets logging for all Juniper ATP Appliance components.

default

Sets logging to the default parameters

debug

Sets logging at the debug level.

info

Sets logging at the info level.

warning

Sets logging at the warning level.

error

Sets logging at the error level.

critical

Sets logging at the critical level.

Example

The following example sets the default logging level for all Juniper ATP Appliance components.

JATP# set logging all

setupcheck

Table 21: setupcheck

Description

Checks and reports on basic configuration settings and analysis pipeline setup.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

setupcheck {all | report | basic | analysis}

Parameters

all 			Checks both basic settings and analysis pipelin
report 		Shows report of last setupcheck.
basic		 	Checks basic configuration settings.
analysis 		Checks the analysis pipeline.

Example

The following example checks all basic configuration settings as well as the analysis pipeline:

JATP (diagnosis) # setupcheck all

show (core mode)

Table 22: show

Description

Displays the guest image(s) status or whitelist statistics.

See Also:show (server mode); show (diagnostic mode)

Product(s) CLI

See Also: shutdown; show (diagnostic mode)

Mode(s)

Core

Syntax

show

Parameters

images

Displays guest image update and status information.

whitelist

Displays the name, hit count and the time of last hit of a user configured whitelist.

Note that when a whitelist rule is deleted, it will be removed from the list. Updates to existing rule are not affected by the presence of the rule in the output, but hit count could increment. Further, more than one rule can be hit by a single incident.

alternate-exhaustinterface

Displays the status of the alternate exhaust interface eth2.

Example

The following example demonstrates the show images command usage:

JATP(core)# show images

The following example demonstrates the show whitelist command usage:

JATP(core)# show whitelist
JATP(core)# show whitelist

Rule Name

Hit Count

Local Time of Last Hit

URI1

10

Wed Sep 2 18:16:55 2015

URI2

10

Wed Sep 2 18:16:55 2015

URI3

10

Wed Sep 2 18:16:55 2015

greatfilesarey

49

Wed Sep 2 18:20:00 2015

The following example shows how to get the alternate-exhaust interface (eth2) status:

JATP(core)# show alternate-exhaust interface

show (diagnosis mode)

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also:show (server mode)

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

show

Parameters

device {collectorstatus | | corestatus | slavecorestatus}

Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “slave core.”

protocol {web | email}

Displays the session counts for network web or email protocols.

objects

Displays the current number of file objects.

logging

Displays the currently-configured logging level.

See Also: set traffic-filter (collector mode) logging

log error traceback

Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.

log error last <integer: number of lines to display>

Displays n [1-1000] lines of the contents of the common log file.

 

Example: show log error last 12

Example

The following example displays the connected Traffic Collector status.

JATP(diagnosis)# show device collectorstatus
<cr>
JATP (diagnosis)# show device collectorstatus WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00

This example displays the log error traceback

JATP(diagnosis)# show log error traceback
<cr>

show (server mode)

Table 23: show

Description

Display configurations and status information.

Product(s)CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server, See Also: show (diagnosis mode)

Syntax

show

Parameters

(See Tables below)

 
autoupdate

Show the automatic update setting.

cli timeout

Show the CLI timeout setting.

clock

Show the current date and time.

cm

Show the Central Manager IP address.

controller

Show the driver state for interfaces.

support

Show the remote SSH login support status.

description

Show the server or system description.

devicekey

Show the device key.

devicetype

Show the device type.

dns

Show the DNS servers settings.

eula

Show the End User License Agreement.

firewall [all <| whitelist]

Show the firewall configuration settings.

hostname

Show the system’s host name.

interface [management | monitoring | alternateexhaust]

Show information about the management (administrative) network interface eth0, or the monitoring interface (eth1), or the alternate-exhaust interface (eth2).

See Also:

show controller

Show the IP address of the management (administrative) interface eth0.

ip

Results may show both private and public IP addresses if the AWS vCore has a public IP.

name

Show the server name.

ntpserver

Show the Network Time Protocol (NTP) server settings.

proxy

Shows the proxy configuration for the management network.

Show system statistics:

See also show (collector mode) for show proxy inside/outside data path

cpuload shows average CPU load in the system for running processes in the last 1, 5 and 15 min intervals.

stats [cpuload | disk | memory]

disk shows the disk space usage in the system.

memoryshows the system memory usage.

show stats cpuload (0.06,0.13,0.13)
system-alert

Shows the current set system-alert settings.

timezone {US/Eastern | US/Central | US/ Mountain

Show the current timezone; example:

set timezone US/Pacific

TIP:

set timezone <tab> shows options.
uptime

Show how long the system has been running.

uuid

Show the system UUID (universally unique ID).

version

Show Juniper ATP Appliance software and content security

versions:

Example

The following example displays information about the CoreCM server device type:

CoreCM(server)# show devicetype
Device type: cm, core

The following example requests data about the alternate-exhaust interface (eth2):

CoreCM(server)# show interface alternate-exhaust

The following example shows details about the Collector’s monitoring interface (eth1):

CoreCM(server)# show interface monitoring
Interface: monitoring (eth1) Enabled: Yes Link: Yes
IP Address: unknown Mask: unknown MTU: 1500
MAC Address: 90:d6:1f:22:70:g6 Speed: 1000Mb/s Duplex:
Full
Auto-negotiation: Yes Medium: Copper
RX packets: 1869032424 Bytes: 1716560257902 Errors: 0
Overruns: 0
TX packets: 409287 Bytes: 44607401 Errors: 0 Overruns: 0
Traffic rate for the last 5 seconds/1 minute/5 minutes
RX bits/sec: 108616/160176/442736
RX packets/sec: 44/46/91
TX bits/sec: 0/112/128
TX packets/sec: 0/0/0

shutdown

Table 24: shutdown

Description

Shuts down the Juniper ATP Appliance server.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

shutdown

Parameters

None

Example

The following example performs a shutdown of the current device.

JATP# shutdown

traceroute

Table 25: traceroute

Description

Displays the route packets trace to a host name or an IP address.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

traceroute

Parameters

-h unsigned integer

Specifies the number of hops

string

Names the remote system to be traced.

Example

The following example performs a traceroute of the named device.

JATP# traceroute -h 2 MacMininOSX-Engine

upgrade

Table 26: upgrade

Description

Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices.

Product(s) CLI

All-in-One | Core CM

Mode(s)

cm

Syntax

upgrade <URI as user@hostname:path>

Parameters

<String_URI>

Specifies the software packages to copy .from a remo location for upgrading via the Core.

Example

The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided.

CoreCM(cm)# upgrade admin@remoteHost.edu:some/remote/ directory

updateimage

Table 27: updateimage

Description

Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.

The updateimage command will update the guest images from a USB drive attached to the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Core-CM | Mac Mini OS X Detection Engine

Mode(s)

Core

Syntax

updateimage

Parameters

built-in

Updates the guest-image on the detection Engine.

Example

The following example performs a built-in profile update for the Core detection engine.

JATP (core)# updateimage built-in
Installing image SC-XP-20140617.img...
Previous version of SC-XP-20140617.img exists.
Checking integrity...
Image SC-XP-20140617.img is already installed
Installing image SC-W7-20140521.img...
Previous version of SC-W7-20140521.img exists.
Checking integrity...
Image SC-W7-20140521.img is already installed

wizard

Table 28: wizard

Description

Enters the Configuration Wizard. For Configuration Wizard commands and response, see “Configuration Wizard for the CoreCM Server” in the next section to follow command prompts and recommended responses.

Product(s) CLI

All-in-One | Core/CM | Collector | Mac Mini Mac OS X

Mode(s)

Basic

Parameters

wizard

Example

None

The following command starts the configuration wizard.

hostname # wizard

Configuration Wizard for the CoreCM Server

Note

Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.

You may also rerun the Configuration Wizard at any time with the CLI command wizard.

Configuration Wizard Prompts

Customer Response Actions

Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?

Note: Only if your DHCP response is no,enter the following information when prompted:

  1. IP address (no CIDR format)

  2. Netmask

  3. Enter a gateway IP address for this management (administrative) interface:

  4. Enter primary DNS server IP address.

  5. Do you have a secondary DNS Server (Yes/No).

  6. Do you want to enter the search domains?

  7. Enter the search domain (separate multiple search domains by space):

Restart the administrative interface (Yes/No)

We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.

Recommended: Respond with no:

  1. Enter an IP address

  2. Enter a netmask using the form 255.255.255.0.

  3. Enter a gateway IP address.

  4. Enter the DNS server IP address

  5. If yes, enter the IP address of the secondary DNS server.

  6. Enter yes if you want DNS lookups to use a specific domain.

  7. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com

Enter yes to restart with the new configuration settings applied.

Enter a valid hostname.

Type a hostname when prompted; do not include the domain; for example: juniperatp1

Note: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.

[OPTIONAL]

If the system detects a Secondary Core with an eth3 port, then the alternate CnC exhaust option is displayed:

Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?

Enter IP address for the alternate-exhaust (eth2) interface:

Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)

Enter gateway IP Address for the alternateexhaust (eth2) interface: (example:10.6.0.1)

Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)

Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?

Do you want to enter the search domains for the alternate-exhaust (eth2) interface?

Note: A complete network interface restart can take more than 60 seconds

Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.

Enter yes to configure an alternate eth2 interface.

Enter the IP address for the eth2 interface.

Enter the eth2 netmask.

Enter the gateway IP address.

Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.

Enter yes or no to confirm or deny an eth2 secondary DNS server.

Enter yes or no to indicate whether you want to enter search domain.

Regenerate the SSL self-signed certificate (Yes/No)?

Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.

If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.

Enter the following server attributes:

Central Manager (CM) IP Address:

Device Name: (must be unique)

Device Name: (must be unique)

Device Key PassPhrase

Note: Remember this passphrase and use it for all distributed devices.

Is this a Central Manager device?:

Enter Yes; the system will auto-set IP 127.0.0.1 as the All-in-One IP address.

Enter a connected Juniper ATP Appliance Collector Device Name; this identifies the Collector in the Web UI.

Enter a device Description

Enter a user-defined PassPhrase to be used to authenticate the Core to the Central Manager.