Traffic Collector CLI Commands

 

This chapter describes the commands specific to the Juniper ATP Appliance Collector CLI. The available commands are as follows:

Basic Mode Commands

Collector Mode Commands

Diagnosis Mode Commands

Server Mode Commands

Traffic Collector CLI Commands

capture-start

Table 1: capture-start

Description

Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.

See Also: diagnosis [mode]; collector [mode]; copy

Product(s) CLI

All-in-One | Collector

Mode(s)

Diagnosis

Syntax

capture-start

Parameters

<IP address> <interface_name>

Sub-Commands

None

Example

The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:

hostname # diagnosis

hostname (diagnosis)# capture-start 8.8.8.8 eth1

Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.

collector

Table 2: collector

Description

Enters the Collector configuration mode.

See Also: server [mode]

Product(s) CLI

All-in-One | Collector

Mode(s)

Basic

Syntax

collector

Parameters

None

Sub-Commands

exit; help; history; set proxy (collector mode); show (collector mode)

Example

The following example enters collector configuration mode:

hostname # collector
hostname (collector)# ?

copy

Table 3: copy

Description

Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.

The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.

See Also: diagnosis [mode]; capture-start

Product(s) CLI

All-in-One | Collector | Core-CM | Mac OSX Engine

Mode(s)

Diagnosis

Syntax

copy capture <scp source_file_name username@destination_host:destination_folder> | traceback all <string URI as user@hostname:path>

Parameters

copy capture <scp remote filename_location>
copy traceback all <path string>
copy traceback <tab> [tab displays all available crash filenames]

Sub-Commands

None

Example

The following example copies the file "captureEth1.txt" from the local host to a remote host:

hostname (diagnosis)# copy capture scp captureEth1.txt admin@remotehost.edu:/some/remote/directory

diagnosis

Table 4: diagnosis

Description

Enters the Diagnosis configuration and status check mode.

See Also: collector [mode], server [mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

diagnosis

Parameters

None

Sub-Commands

capture-start; copy; exit; gssreport; help; history; set (server mode); setupcheck; show (diagnosis mode); show (server mode)

Example

The following example enters diagnosis configuration and status check mode:

hostname # diagnosis

hostname (diagnosis)# ?

exit

Table 5: exit

Description

Ends the CLI session.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Server | Collector | Diagnosis

Syntax

exit

Parameters

None

Example

The following example ends a command mode or CLI session.

JATP# (diagnosis) exit
JATP#

gssreport

Table 6: gssreport

Description

Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.

See Also: gssreport; diagnosis[mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

diagnosis

Syntax

gssreport status | submit

Parameters

status - displays the status of the current GSS report.

submit - submits a report to Juniper ATP Appliance GSS.

Sub-Commands

None

Example

The following examples display the status of a GSS report submission:

hostname # diagnosis
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322:
successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259:
successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512:
successfully submitted

help

Table 7: help

Description

Displays information about the CLI help system.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Server | Collector | Diagnosis

Syntax

help

Parameters

None

Example

The following example shows some of the output of the help command.

CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist

history

Table 8: history

Description

Displays the current CLI session command line history.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Server | Collector | Diagnosis

Syntax

history

Parameters

None

Example

The following example returns command line history for the current CLI session.

JATP# history

ifrestart

Table 9: ifrestart

Description

Restarts the interface driver and services using the interface.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ifrestart eth0 | eth1

Parameters

eth0  		Restarts the management (administrative) network interface.
eth1  		Restarts the monitoring network interface.

Example

The following example restarts the eth0 interface for the management network.

<FireEye_name># ifrestart eth0

ping

Table 10: ping

Description

Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ping [-c count] [-h hops] [string]

Parameters

-c count

Number of echo requests to send. By default, pings are sent continuously until you press Ctrl+C.

-h hops

Number of next hops between pings (default is 1).

string

IP address, hostname or interface name used to ping device address

Example

The following example sends three echo requests to the device with the IP address 10.10.10.1:

<FireEye_name># ping -c 3 10.10.10.1

PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314 ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277 ms
64 bytes from 10.10.10.1: icmp_req=3 ttl=64 time=0.274 ms
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms

reboot

Table 11: reboot

Description

Reboots the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

reboot

Parameters

None

Example

The following example reboots the system.

hostname# reboot

restart

Table 12: restart

Description

Restarts Juniper ATP Appliance services.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]

Parameters

all

Restarts all Juniper ATP Appliance services.

database

Restarts the Database.

ntpserver

Restarts the NTP server.

sshserver

Restarts the SSH server.

Example

The following example restarts the Central Manager service.

JATP# restart cm

restore

Table 13: restore

Description

Restores the system configuration to the factory default settings.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

server

Syntax

restore [support | firewall {backup | default} | hostname | network]

Parameters

support

Restores the default support password setting remote login (set during initial installation per l See also (server)# set (server mode)

firewall {backup | default}

Restores the firewall settings from either the pr backup, or from the default factory settings.

Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.

hostname

Restores the system’s hostname to the factory hostname.

network

Restores the IP address and DNS settings to the factory default settings.

 

Warning: This command option removes the IP address and DNS settings, and reloads the default values for these settings.

Example

The following example restores the system.

JATP# restore

This next example restores the SSH login “support” password to the default:

JATP # restore support password

Restore the default support password? (Yes/No)? yes

support password was restored successfully!

server

Table 14: server

Description

Enters the server configuration mode.

See Also: collector

Product(s) CLI

All-in-One | Collector | Core/CM | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

server

Sub-Commands

exit; help; history; ifrestart; ping; reboot; restore; set (server mode); show (server mode)

Example

The following example enters server configuration mode:

hostname # server
hostname (server) # ?

set proxy (collector mode)

Table 15: set proxy

Description

Sets an Inside or Outside data path proxy from collector mode.

Deploy Traffic Collectors in locations where the monitoring interface is (1) placed “outside” between the proxy and the egress network for customer environments in which the proxy supports XFF (X-Forwarded-For), or (2) [the more typical deployment scenario], the Collector is placed between the proxy and the internal network using FQDN (if available) to identify the threat source for all types of incidents (“inside” proxy). When configured, the Juniper ATP Appliance Traffic Collector will monitor all traffic and correctly identify source and destination hosts for each link in the kill chain wherever the data allows for it.

Note that if the “X-Forwarded-For” header is provided in the HTTP request, detection will identify threat targets when deployed outside of the proxy (customers can choose to disable the XFF feature in the proxy setting, if desired).

See Also: set (server mode); set (diagnosis mode)

Note: The mitigation IP address of a CNC server is not available for Inside proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy, the Mitigation->Firewall page in the Juniper ATP Appliance Central Manager Web UI (which typically displays the CNC server IP address to mitigate) will be empty. The destination IP address of any callback is the proxy server IP address, so it is not relevant to display the proxy server IP address on the Mitigation->Firewall page.

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

set proxy inside {add <proxy IP address> <proxy port> | remove <proxy IP address> <proxy port>}
set proxy outside {add <proxy IP address> | remove <proxy IP address>}

Parameters

inside

Sets the inside proxy IP addresses

outside

Sets the outside proxy IP addresses

add

Adds a proxy configuration.

remove

Removes a proxy configuration.

Example

The following example sets an inside data path proxy:

JATP(collector)# set proxy inside add 10.1.1.1 53

The following example sets an outside data path proxy:

JATP(collector)# set proxy outside add 10.2.1.1
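The inside and outside placements described for set proxy differ in which endpoint of an HTTP request is still visible at the monitoring interface. The following model of that difference is an added example, not Juniper ATP Appliance code; the function name, result fields, and sample addresses are constructed for illustration.

```python
import ipaddress


def _valid_ip(text):
    """Return the normalized IP address in text, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def attribute_request(src_ip, dst_ip, dst_port, headers,
                      inside_proxies=frozenset(), outside_proxies=frozenset()):
    """Decide which endpoints of one observed HTTP request can be trusted.

    inside_proxies:  set of (ip, port) pairs, as in 'set proxy inside add'
    outside_proxies: set of ip strings, as in 'set proxy outside add'
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    out = {"client": src_ip, "remote_ip": dst_ip,
           "remote_fqdn": hdrs.get("host"), "basis": "packet addresses"}

    if src_ip in outside_proxies:
        # Outside placement: every request leaves with the proxy's address,
        # so the internal client is only recoverable from X-Forwarded-For.
        hops = [h for h in hdrs.get("x-forwarded-for", "").split(",") if h.strip()]
        # The proxy appends the peer it saw, so only the right-most entry
        # was written by the trusted proxy; earlier entries may be
        # supplied by the client itself.
        client = _valid_ip(hops[-1]) if hops else None
        out["client"] = client
        out["basis"] = "x-forwarded-for" if client else "no usable XFF"
    elif (dst_ip, dst_port) in inside_proxies:
        # Inside placement: the client address is real, but the packet's
        # destination is the proxy, so no CNC IP address is available.
        out["remote_ip"] = None
        out["basis"] = "inside proxy, FQDN only"
    return out


# Constructed sample requests (addresses are illustrative).
INSIDE = attribute_request(
    "10.1.5.20", "10.1.1.1", 3128, {"Host": "cnc.example.net"},
    inside_proxies={("10.1.1.1", 3128)})

OUTSIDE = attribute_request(
    "10.2.1.1", "203.0.113.7", 80,
    {"Host": "cnc.example.net", "X-Forwarded-For": "198.51.100.9, 10.1.5.20"},
    outside_proxies={"10.2.1.1"})

OUTSIDE_NO_XFF = attribute_request(
    "10.2.1.1", "203.0.113.7", 80, {"Host": "cnc.example.net"},
    outside_proxies={"10.2.1.1"})

if __name__ == "__main__":
    for name, result in (("inside", INSIDE), ("outside", OUTSIDE),
                         ("outside, XFF disabled", OUTSIDE_NO_XFF)):
        print(name, result)
```
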

set honeypot (collector mode)

Table 16: set honeypot

Description

Enables and disables the SSH-Honeypot feature for a Traffic Collector.

A honeypot can be deployed within a customer network to detect network activity generated by malware attempting to infect or attack other machines in a local area network. These attempted SSH logins can be used to supplement detection of lateral spread.

There are two parameters that can be set for a honeypot:

  • Enable/disable a honeypot

  • Set a Static IP (IP, mask, and gateway) or DHCP of a publicly addressable interface

See Also: show honeypot command in show (collector mode)

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

(collector)# set honeypot ssh-honeypot enable dhcp
(collector)# set honeypot ssh-honeypot enable address (IP address) netmask (subnet IP) gateway (IP address)
(collector)# set honeypot ssh-honeypot disable

Example

The following example enables the SSH honeypot with a static IP address:

(collector)# set honeypot ssh-honeypot enable address 1.2.3.4 netmask 255.255.0.0 gateway 1.2.3.1

Note: The static IP configuration does not require configuring DNS. Honeypots do not require a DNS server at this time.

set (diagnosis mode)

Table 17: set

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also: set (server mode); set proxy (collector mode)

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

set logging

Parameters

all

Sets logging for all Juniper ATP Appliance components.

default

Sets logging to the default parameters

debug

Sets logging at the debug level.

info

Sets logging at the info level.

warning

Sets logging at the warning level.

error

Sets logging at the error level.

critical

Sets logging at the critical level.

Example

The following example sets the default logging level for all Juniper ATP Appliance components.

JATP# set logging all

set protocols (collector mode)

Table 18: set protocols

Description

Enables and disables the HTTP or SMB parser for a Traffic Collector.

See Also: show protocols command in show (collector mode)

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

(collector)# set protocols {http [on|off] | smb [on|off]}

Example

The following example enables the SMB parser for lateral detections:

hostname (collector)# set protocols smb on

set (server mode)

Table 19: set

Description

Configure the system settings.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server; See Also: set (diagnosis mode); set proxy (collector mode)

Syntax

set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {on | off} | passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip {interface | dhcp | address | netmask | gateway} | ntpserver | password | proxy {config | enabled | remove} |timezone string | uipassword]

Parameters

(See table below)

autoupdate {software | content} {on | off}

Turn on or off the automatic product update feature; example: set autoupdate content on

cli timeout secs

Set CLI timeout period in seconds (0 indicates no timeout).

clock

Sets the current date and time.

cm address

Sets the IP address of the Central Manager and netmask using the slash notation; example: AAA.BBB.CCC.DD/x

set support {enable | disable} | {localmode}

Enables or disables the remote SSH login “support” account, or enables/disables localmode.

passphrase string

Sets the device key password; enter a string.

dns

Sets the DNS servers (or enable DHCP for DNS) for the management interface eth0.

firewall {all <backup | flush> | whitelist <add | delete | flush>}

Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall.

The “add” option adds an IP address to the iptables outbound whitelist.

# set firewall whitelist add 10.1.1.1

Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.

hostname string

Sets the system’s host name.

ip {interface | dhcp | address | netmask |gateway}

Sets the IP address, netmask, or default gateway, or enables DHCP for the management interface eth0.

ntpserver

Sets the Network Time Protocol (NTP) server.

password

Sets a new password for the CLI administrator.

proxy {config <all|http> | enable <on|off> | remove <all|http>}

Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.

Tip: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.

timezone {US/ Eastern | US/ Central | US/ Mountain

Show the current timezone; example:

set timezone US/Pacific

Tip: set timezone <tab> shows options.

uipassword

Sets a new admin password for CM Web UI access.

Examples

The following example sets an IP address for the device management interface eth0.

JATP# set ip interface 10.1.1.1

set appliance-type (server mode)

Table 20: set appliance-type

Description

Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.

Product(s) CLI

All-in-One | Core CM | Collector

Mode(s)

server

Syntax

jatp:AIO#(server)# set appliance-type core-cm

Parameters

all-in-one

core-cm

email-collector

traffic-collector

Example

The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:

jatp:AIO#(server)# set appliance-type core-cm
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)? Yes

set traffic-filter (collector mode)

Table 21: set traffic-filter

Description

Sets traffic filter rules that exclude a configured set of traffic from analysis. Filtering cannot be made retroactive: any analysis skipped as a result of the filtering cannot be reversed. This command can be applied to an entire network, subnet, or CIDR range.

See Also: set (server mode); show (diagnosis mode) [show traffic-filter]

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

set traffic-filter {add <rule_name> <domain> <source-address> <destination-address> <source-port> <destination-port> <protocol> | remove <rule_name>}

Parameters

traffic-filter add

Adds a traffic filter rule where:

<RuleString>

“RuleString” is the name of the rule

<DomainString>

“DomainString” is the domain to filter out

<source-address>

“source-address” is the source IPv4 address or network (CIDR)

<destination-address>

“destination-address” is the destination IPv4 address or network (CIDR)

<source-port>

“source-port” is the source port number (0-65535)

<destination-port>

“destination-port” is the destination port number (0-65535)

<protocol>

“protocol” is the protocol type: either IP, TCP, UDP or HTTP

Example

The following example adds a traffic filter rule to the Traffic Collector.

JATP-collector02(collector)# set traffic-filter add CustomRule2 headqrts.example.com 10.2.0.0/16 20.0.0.2 90 120 tcp

where destination-address is 20.0.0.2, destination-port is 120, protocol is tcp, source-address is 10.2.0.0/16 and source-port is 90 (in our example).
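Because analysis skipped by a traffic filter cannot be recovered, it is worth checking a rule before typing it into the Collector. The following pre-flight check is an added example, not part of the Juniper ATP Appliance; it follows the argument order and value ranges given in the syntax above, and the MIN_PREFIX breadth limit is an assumed local policy, not a product setting.

```python
import ipaddress
import shlex

# Argument order from the 'set traffic-filter add' syntax on this page.
FIELDS = ("rule_name", "domain", "source-address", "destination-address",
          "source-port", "destination-port", "protocol")
PROTOCOLS = {"ip", "tcp", "udp", "http"}   # protocol types listed on this page
MIN_PREFIX = 8   # assumption: local policy refuses filters broader than a /8


def check_traffic_filter(command):
    """Return (rule, problems) for one 'set traffic-filter add ...' line.

    rule is a dict keyed by FIELDS, or None if the line cannot be parsed;
    problems is a list of human-readable findings (empty when clean).
    """
    words = shlex.split(command)
    if words and words[0].endswith("#"):      # tolerate a pasted CLI prompt
        words = words[1:]
    if words[:3] != ["set", "traffic-filter", "add"]:
        return None, ["not a 'set traffic-filter add' command"]
    args = words[3:]
    if len(args) != len(FIELDS):
        return None, [f"expected {len(FIELDS)} arguments, got {len(args)}"]

    rule = dict(zip(FIELDS, args))
    problems = []

    for key in ("source-address", "destination-address"):
        try:
            # strict=True also rejects host bits set under the mask
            net = ipaddress.IPv4Network(rule[key], strict=True)
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
            continue
        if net.prefixlen < MIN_PREFIX:
            problems.append(
                f"{key}: /{net.prefixlen} would exempt too much traffic from analysis")

    for key in ("source-port", "destination-port"):
        value = rule[key]
        if not (value.isascii() and value.isdigit() and int(value) <= 65535):
            problems.append(f"{key}: '{value}' is not a port number (0-65535)")

    if rule["protocol"].lower() not in PROTOCOLS:
        problems.append(f"protocol: '{rule['protocol']}' is not IP, TCP, UDP or HTTP")

    return rule, problems


# Constructed sample lines: one clean rule and three with typical mistakes.
SAMPLES = [
    "JATP-collector02(collector)# set traffic-filter add CustomRule2 "
    "headqrts.example.com 10.2.0.0/16 20.0.0.2 90 120 tcp",
    "set traffic-filter add BadCidr headqrts.example.com 10.2.00/16 20.0.0.2 90 120 tcp",
    "set traffic-filter add TooBroad headqrts.example.com 0.0.0.0/0 20.0.0.2 90 120 tcp",
    "set traffic-filter add BadTail headqrts.example.com 10.2.0.0/16 20.0.0.2 90 70000 icmp",
]

if __name__ == "__main__":
    for line in SAMPLES:
        rule, problems = check_traffic_filter(line)
        name = rule["rule_name"] if rule else "(unparsed)"
        print(name, "OK" if not problems else problems)
```
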

set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector mode)

Table 22: set traffic-monitoring

Description

Sets the traffic monitoring interface on the JATP700 and JATP400.

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

# set traffic-monitoring-ifc 1gb_ifc

Set the traffic monitoring interface to be the 1G interface.

# set traffic-monitoring-ifc 10gb_ifc

Set the traffic monitoring interface to be the 10G interface.

Note: After making an interface type change, the system must be rebooted for the change to take effect.

setupcheck

Table 23: setupcheck

Description

Checks and reports on basic configuration settings and analysis pipeline setup.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

setupcheck {all | report | basic | analysis}

Parameters

all

Checks both basic settings and analysis pipeline.

report

Shows report of last setupcheck.

basic

Checks basic configuration settings.

analysis

Checks the analysis pipeline.

Example

The following example checks all basic configuration settings as well as the analysis pipeline:

JATP (diagnosis) # setupcheck all

show (collector mode)

Table 24: show

Description

Displays the Traffic Collector current traffic filters and the current XFF status (enabled or disabled).

Product(s) CLI

All-in-One | Collector

Mode(s)

Collector

Subcommands

traffic-filter | proxy | honeypot

Syntax

show

Parameters

traffic-filter

Shows all traffic filter rules.

protocols

Shows current HTTP or SMB protocol parser settings.

proxy {inside |outside}

Shows Traffic Collector proxy for inside or outside configurations. See also show proxy in show (server mode).

honeypot

Shows the current honeypot configuration.

show honeypot ssh-honeypot

Example

The following example displays the current Collector proxy inside settings:

collector02(collector)# show proxy inside
Proxy IPs: 10.1.1.1

The following example displays the current traffic filter:

collector02 (collector)# show traffic-filter
Name: CustomRule2, Domain: headqtrs.example.com

The following example displays the current SMB protocol parser setting:

collector02 (collector)# show protocols

show (diagnosis mode)

Table 25: show

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also: show (server mode); show (collector mode)

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

show

Parameters

device {collectorstatus | corestatus | slavecorestatus}

Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “slave core.”

Note: Not available from the Mac Mini CLI.

protocol {web | email}

Displays the session counts for network web or email protocols.

Note: Not available from the Mac Mini CLI.

objects

Displays the current number of file objects.

Note: Not available from the Mac Mini CLI.

logging

Displays the currently-configured logging level.

See Also: set (diagnosis mode) logging

log error traceback

Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.

Note: Not available from the Collector CLI.

log error last <integer: number of lines to display>

Displays n [1-1000] lines of the contents of the common log file.

Note: Not available from the Collector CLI.

Note: Example: show log error last 12

Example

The following example displays the connected Traffic Collector status.

JATP(diagnosis)# show device collectorstatus
<cr>
JATP (diagnosis)# show device collectorstatus WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2014-07-25 15:13:17.967000-07:00
Install Date : 2014-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2014-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00

show (server mode)

Table 26: show

Description

Display configurations and status information.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server; See Also: show (collector mode); show (diagnosis mode)

Syntax

show

Parameters

(See the columns below)

 
autoupdate

Show the automatic update setting.

cli timeout

Show the CLI timeout setting.

clock

Show the current date and time.

cm

Show the Central Manager IP address.

controller

Show the driver state for interfaces.

support

Show the remote SSH login support status.

description

Show the server or system description.

devicekey

Show the device key.

devicetype

Show the device type.

dns

Show the DNS servers settings.

eula

Show the End User License Agreement.

firewall [all | whitelist]

Show the firewall configuration settings.

hostname

Show the system’s host name.

interface

Show information about the management (administrative) network interface eth0 and the monitoring interface eth1.

ip

Show the IP address of the management (administrative) interface eth0.

Results may show both private and public IP addresses if the AWS vCore has a public IP.

name

Show the server name.

ntpserver

Show the Network Time Protocol (NTP) server settings.

proxy

Show current proxy configuration.

uuid

Show the system UUID (universally unique ID).

stats [cpuload | disk | memory]

Show system statistics:

  • cpuload shows the average CPU load in the system

  • disk shows the disk space usage in the system.

  • memory shows the system memory usage.

# show stats cpuload
(0.06, 0.13, 0.13)

timezone

Show the current timezone.

uptime

Show the last manual upgrade-related information.

version

Show Juniper ATP Appliance software and content security versions.

Example

The following example displays information about the All-in-One server device type:

All-in-One(server)# show devicetype
Device type: cm, core, web_collector.

shutdown

Table 27: shutdown

Description

Shuts down the Juniper ATP Appliance server.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

shutdown

Parameters

None

Example

The following example performs a shutdown of the current device.

JATP# shutdown

traceroute

Table 28: traceroute

Description

Displays the route that packets take to a host name or an IP address.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server | Collector

Syntax

traceroute

Parameters

-h unsigned integer

Specifies the number of hops

string

Names the remote system to be traced.

Example

The following example performs a traceroute of the named device.

JATP# traceroute -h 2 8.8.8.8

wizard

Table 29: wizard

Description

Enters the Configuration Wizard. For Configuration Wizard commands and response, see “Configuration Wizard for the CoreCM Server” in the next section to follow command prompts and recommended responses.

Product(s) CLI

All-in-One | Core/CM | Collector | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

wizard

Parameters

None

Example

The following command starts the configuration wizard.

hostname # wizard

Configuration Wizard Command Prompt Progressions

Table 30: Configuration Wizard

Configuration Wizard Prompts

Customer Response from Collector

Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?

Note: Only if your DHCP response is no, enter the following information when prompted:

  1. IP address (no CIDR format)

  2. Netmask

  3. Enter a gateway IP address for this management (administrative) interface:

  4. Enter primary DNS server IP address.

  5. Do you have a secondary DNS Server (Yes/ No).

  6. Do you want to enter the search domains?

  7. Enter the search domain (separate multiple search domains by space):

Restart the administrative interface (Yes/No)?

We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.

Recommended: Respond with no:

  1. Enter an IP address

  2. Enter a netmask using the form 255.255.255.0.

  3. Enter a gateway IP address.

  4. Enter the DNS server IP address

  5. If yes, enter the IP address of the secondary DNS server.

  6. Enter yes if you want DNS lookups to use a specific domain.

  7. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com

Enter yes to restart with the new configuration settings applied.

Enter a valid hostname.

Type a hostname when prompted; do not include the domain; for example: juniperatp1

Note: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.

Regenerate the SSL self-signed certificate (Yes/ No)?

Not applicable to Collector.

Enter the following server attributes:

Central Manager (CM) IP Address:

Device Name: (must be unique)

Device Description

Device Key PassPhrase

Note: Remember this passphrase and use it for all distributed devices!

Required: Enter the IP address of the Juniper ATP Appliance Server All-in-One CM or CoreCM to which you are connecting [another] Collector in order to register with and view the Collector in the CM Web UI.

Enter the Juniper ATP Appliance Collector Device Name; this identifies the Collector in the Web UI.

Enter a device Description

Enter the same PassPhrase used to authenticate the Collector to the Central Manager.

Note

Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the