Step 1: Begin

 

Juniper Networks® Advanced Threat Prevention Cloud (Juniper ATP Cloud) is a cloud-based threat detection software that protects all hosts in your network against evolving security threats. Juniper ATP Cloud uses a combination of static and dynamic analysis and machine learning to quickly identify unknown threats, either downloaded from the Web or sent through e-mail. It delivers a file verdict and risk score to the SRX Series firewall, which blocks the threat at the network level. In addition, Juniper ATP Cloud delivers security intelligence (SecIntel) feeds consisting of malicious domains, URLs, and IP addresses gathered from file analysis, Juniper Threat Labs research, and highly reputable third-party threat feeds. These feeds are collected and distributed to SRX Series firewalls to automatically block command-and-control (C&C) communications.

  Note

Juniper Sky™ Advanced Threat Prevention (Juniper Sky ATP) is now known as Juniper Networks® Advanced Threat Prevention (ATP) Cloud. The videos in this Day One+ still refer to the old terminology, Juniper Sky ATP.

Topology

Here’s an example of how you can deploy Juniper ATP Cloud to protect a host in your network against security threats.

Get Your Juniper ATP Cloud License

First things first. You’ll need to get your Juniper ATP Cloud license before you can start configuring Juniper ATP Cloud on your firewall device. Juniper ATP Cloud has three service levels: free, basic, and premium. The free license provides limited functionality and is included with the base software. Contact your local sales office or Juniper Networks partner to place an order for a Juniper ATP Cloud premium or basic license. Once the order is complete, an activation code is sent to you by e-mail. You’ll use this code in conjunction with your SRX Series device serial number to generate a premium or basic license entitlement. (Use the show chassis hardware CLI command to find the serial number of the SRX Series device.)

To obtain the license:

  1. Go to https://license.juniper.net and log in with your Juniper Networks Customer Support Center (CSC) credentials.
  2. Select J Series Service Routers and SRX Series Devices or vSRX from the Generate Licenses list.
  3. Using your authorization code and SRX Series serial number, follow the instructions to generate your license key.
    • If you are using Juniper ATP Cloud with SRX Series devices, then you don't need to enter the license key because it is automatically transferred to the cloud server. It can take up to 24 hours for your license to be activated.

    • If you are using Juniper ATP Cloud with vSRX, the license is not automatically transferred. You'll need to install the license. For more details, see License Management and vSRX Deployments. After the license is generated and applied to a specific vSRX device, use the show system license CLI command to view the software serial number of the device.

Get Your SRX Series Device Ready to Work with Juniper ATP Cloud

After you've obtained a Juniper ATP Cloud license, you’ll need to configure your SRX Series device to communicate with the Juniper ATP Cloud Web Portal. Then you can configure policies on the SRX Series device that use Juniper ATP Cloud cloud-based threat feeds.

Note

This guide assumes that you are already familiar with Junos OS CLI commands and syntax, and have experience with administering SRX Series devices.

Before you begin, make sure you have an SSH connection to an Internet-connected SRX Series device.

These SRX Series devices support Juniper ATP Cloud:

  • SRX300 line of devices

  • SRX550M

  • SRX1500

  • SRX4000 line of devices

  • SRX5000 line of devices

  • vSRX

Note

For SRX340, SRX345, and SRX550M, as part of initial device configuration, you must run set security forwarding-process enhanced-services-mode and reboot the device.

Let's get started and configure interfaces and security zones.

  1. Set root authentication.

    user@host# set system root-authentication plain-text-password

    New password:

    Retype new password:

    Note

    The password is not displayed on the screen.

  2. Set the system hostname.

    user@host# set system host-name user@host.example.com

  3. Set up interfaces.

    user@host# set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24

    user@host# set interfaces ge-0/0/1 unit 0 family inet address 192.10.2.1/24

  4. Configure security zones.

    The SRX Series device is a zone-based firewall. You must assign each interface to a zone to pass traffic through it. To configure security zones, enter the following commands:

    Note

    For the untrust or internal security zone, enable only the services required by the infrastructure for each specific service.

    user@host# set security zones security-zone untrust interfaces ge-0/0/0.0

    user@host# set security zones security-zone trust interfaces ge-0/0/1.0

    user@host# set security zones security-zone trust host-inbound-traffic system-services all

    user@host# set security zones security-zone trust host-inbound-traffic protocols all

  5. Configure DNS.

    user@host# set system name-server 192.10.2.2

  6. Configure NTP.

    user@host# set system processes ntp

    user@host# set system ntp boot-server 192.10.2.3

    user@host# set system ntp server 192.10.2.3

    user@host# commit
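A check for the note in step 4, as an added example that is not part of Juniper's guide: this Python script scans set-format configuration (such as the output of show configuration | display set) and lists every zone or interface whose host-inbound-traffic is opened with all. It goes slightly beyond the commands above by also covering interface-level statements; the dmz zone and ge-0/0/2.0 in the sample are constructed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the zone commands from this guide in "display set" form,
# plus a hypothetical "dmz" zone that is already narrowed, for contrast.
SAMPLE_CONFIG = """\
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone dmz interfaces ge-0/0/2.0 host-inbound-traffic system-services ssh
set security zones security-zone dmz host-inbound-traffic system-services ping
"""

# Matches zone-level and interface-level host-inbound-traffic statements,
# with or without a leading CLI prompt such as "user@host# ".
ZONE_LINE = re.compile(
    r"^(?:\S+\s+)?set security zones security-zone (?P<zone>\S+)"
    r"(?: interfaces (?P<ifname>\S+))?"
    r" host-inbound-traffic (?P<kind>system-services|protocols) (?P<value>\S+)"
)


def parse_host_inbound(config_text):
    """Return {(zone, scope, kind): {values}}; scope is "zone" or an interface."""
    allowed = defaultdict(set)
    for line in config_text.splitlines():
        m = ZONE_LINE.match(line.strip())
        if m:
            scope = m["ifname"] or "zone"
            allowed[(m["zone"], scope, m["kind"])].add(m["value"])
    return dict(allowed)


def find_permissive(config_text):
    """List (zone, scope, kind) entries that admit every service or protocol."""
    parsed = parse_host_inbound(config_text)
    return sorted(key for key, values in parsed.items() if "all" in values)


if __name__ == "__main__":
    for zone, scope, kind in find_permissive(SAMPLE_CONFIG):
        print(f"zone {zone} ({scope}): host-inbound-traffic {kind} all")
```

Run against the commands in step 4, the script reports the trust zone for both system-services and protocols. Replacing all with only the services the device must accept from that zone (for example ssh and ping) clears the finding.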
