
Configuring Juniper Connected Security with Sky ATP and Policy Enforcer (Without Guided Setup)


This section provides details of the tasks required to configure Juniper Connected Security without guided setup.

Requirements

See Use Case # 1: Configuring Juniper Connected Security for topology, system requirements, and verification steps.

Overview

The following tasks are required to configure Juniper Connected Security:

  • Create Sky ATP realms

  • Create secure fabric by adding a site and endpoint devices

  • Configure policy enforcement groups

  • Create threat prevention policies

  • Apply threat prevention policies to policy enforcement groups


Create Sky ATP Realms

Step-by-Step Procedure

Create one or more Sky ATP realms and enroll SRX Series devices in the appropriate realm. (Enroll devices by clicking Add Devices in the list view once the realm is created.)

To create Sky ATP realms:

  1. In the UI, navigate to Configure > Threat Prevention > Sky ATP Realms.
  2. Click the + icon to add a new Sky ATP realm.
  3. Complete the following configuration:
    1. Enter the location by selecting a region of the world from the available choices.

    2. Enter a username. Your username for Sky ATP is your e-mail address.

    3. Enter a password. It should be a unique string at least 8 characters long, and include uppercase and lowercase letters, at least one number, and at least one special character.

    4. Enter a name for the security realm. The name can contain alphanumeric characters and the dash symbol, and should be a name that is meaningful to your organization.

    5. Click OK.

Create Sites and Add Devices

Step-by-Step Procedure

A Secure Fabric is a collection of sites which contain network devices (switches, routers, firewalls, and other security devices) used in policy enforcement groups.

  1. In the UI, navigate to Devices > Secure Fabric.
  2. Click the + icon to create a new site.
  3. Enter the following details for the new site:
    1. Site name.

    2. Description (Optional).

  4. Click OK.
  5. Assign or reassign devices to a site.
    1. Click an existing device to edit it or click Add Enforcement Points.

    2. On the Add Enforcement Points page, select the check box beside a device in the Available list and click the > icon to move it to the Selected list.

    3. Click OK.

Create a Policy Enforcement Group

Step-by-Step Procedure

Create a policy enforcement group by adding endpoints under one common group name and later applying a threat prevention policy to that group.

To create a policy enforcement group:

  1. In the UI, navigate to Configure > Shared Objects > Policy Enforcement Groups.
  2. Click the + icon to create a new policy enforcement group.
  3. Enter the following details:
    1. Name.

    2. Description (Optional).

    3. Select a group type from the available choices: IP address/subnet or location.

    4. Select the check box beside the IP address of the endpoint devices in the Available list and click the > icon to move them to the Selected list. The endpoints in the Selected list will be included in the policy enforcement group.

    5. If the endpoint you want does not appear in the list, add it as an Additional IP and click the Add button.

    6. Click OK.

Create a Threat Prevention Policy

Step-by-Step Procedure

Add the threat prevention policy, including profiles for one or more threat types: C&C server, infected host, malware.

  1. In the UI, navigate to Configure > Threat Prevention > Policies.
  2. Click the + icon to create a new threat prevention policy.
  3. Enter the following details:
    1. Name.

    2. Description.

    3. Select the desired profile(s). Table 1 provides details of available profiles and respective actions.

      Table 1: Profiles Available for Threat Prevention Policy

      Command and Control Server
        Selecting Profile: Select the check box to include management for this threat type in the policy.
        Policy Action: Use the slider to change the action to be taken based on the threat score. Select one of the following actions:
        • Drop connection silently (This is the default and recommended setting.)
        • Close connection and do not send a message.

      Infected Host
        Selecting Profile: Include infected host profile in policy.
        Policy Action: Select one of the following actions:
        • Drop connection silently (This is the default and recommended setting.)
        • Quarantine: in the field provided, enter a VLAN to which quarantined files are sent. (Note that the fallback option is to block and drop the connection silently.)

      Malware (HTTP file download and SMTP File attachment)
        Selecting Profile: Include malware profile in policy:
        • HTTP file download
        • SMTP File Attachment
        Policy Action: Select one of the following actions:
        • For HTTP file download: Drop connection silently or Close connection and do not send a message.
        • For SMTP File Attachment: Quarantine, Deliver malicious messages with warning headers added, or Permit.

    4. Select a log setting (Policy setting for all profiles).

    5. Click OK.

  4. Click OK.

Apply Threat Prevention Policy to Policy Enforcement Groups

Step-by-Step Procedure

Apply your threat prevention policies to policy enforcement groups. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong.

  1. In the UI, navigate to Configure > Threat Prevention > Policies and find the appropriate policy.
  2. In the Policy Enforcement Groups column, click the Assign to Groups link that appears here when there are no policy enforcement groups assigned, or click the group name that appears in this column to edit the existing list of assigned groups. You can also select the check box beside a policy and click the Assign to Groups button at the top of the page.
  3. On the Assign to Policy Enforcement Groups page, select the check box beside a group in the Available list and click the > icon to move it to the Selected list. The groups in the Selected list will inherit the policy.
  4. Click OK.

    The system performs a rule analysis, and prepares device configurations that include the threat prevention policies.

  5. Once the analysis is complete, instruct the system to push the updated policy to the SRX devices by clicking the Update button.
  6. When the push is complete, the system returns to the Policies page.
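The objects this procedure builds (an IP address/subnet policy enforcement group, a threat prevention policy with its C&C, infected host and malware profiles, and the assignment of the policy to the group) modelled as an added Python example; this is not Juniper code and does not reproduce what Policy Enforcer pushes to the SRX devices. The threat-score threshold, the VLAN name, the group and policy names and the sample addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class EnforcementGroup:          # group type "IP address/subnet"
    name: str
    subnets: list                # endpoints moved to the Selected list
    additional_ips: list = field(default_factory=list)   # "Additional IP" entries

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return (ip in self.additional_ips
                or any(addr in ipaddress.ip_network(s) for s in self.subnets))

@dataclass
class ThreatPreventionPolicy:    # one profile per threat type
    name: str
    cc_threshold: int = 7        # assumed slider value; the page gives no number
    cc_action: str = "drop-silently"           # default and recommended setting
    infected_host_action: str = "quarantine"
    quarantine_vlan: str = "vlan-quarantine"   # constructed VLAN name
    http_download_action: str = "drop-silently"
    smtp_attachment_action: str = "quarantine"
    groups: list = field(default_factory=list) # set by "Assign to Groups"

    def decide(self, event: dict) -> str:
        """Map a detection on an endpoint to the action this policy enforces."""
        if not any(g.contains(event["ip"]) for g in self.groups):
            return "not-in-scope"          # only assigned groups inherit the policy
        kind = event["type"]
        if kind == "cc":                   # C&C server: action keyed on threat score
            return self.cc_action if event["score"] >= self.cc_threshold else "permit"
        if kind == "infected-host":
            if self.infected_host_action == "quarantine" and self.quarantine_vlan:
                return "quarantine:" + self.quarantine_vlan
            return "drop-silently"         # fallback: block and drop silently
        if kind == "http-download":
            return self.http_download_action if event["malicious"] else "permit"
        if kind == "smtp-attachment":
            return self.smtp_attachment_action if event["malicious"] else "permit"
        raise ValueError("unknown event type: " + kind)

# Constructed sample: one group and one policy assigned to it.
branch = EnforcementGroup("branch-endpoints", ["10.10.0.0/16"], ["192.0.2.10"])
policy = ThreatPreventionPolicy("tpp-branch", groups=[branch])

def sample_decisions() -> list:
    return [policy.decide(e) for e in (
        {"ip": "10.10.5.4", "type": "cc", "score": 9},        # in subnet, high score
        {"ip": "192.0.2.10", "type": "infected-host"},        # matched via Additional IP
        {"ip": "198.51.100.7", "type": "cc", "score": 9},     # not in any assigned group
    )]
```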