
    Using Guided Setup for Sky ATP

    See Sky ATP Features for an overview of Sky ATP.

    For configuring Sky ATP policies, guided setup is the most efficient way to complete your initial configuration. If you are using Sky ATP with Policy Enforcer, you should use guided setup for PE Setup with Sky ATP instead. Find those instructions here: Using Guided Setup for Sky ATP with SDSN.

    Note: A Sky ATP license and account are needed for all threat prevention types (Sky ATP with PE, Sky ATP, and Cloud Feeds only). If you do not have a Sky ATP license, contact your local sales office or Juniper Networks partner to place an order for a Sky ATP premium license. If you do not have a Sky ATP account when you configure Sky ATP, you are redirected to the Sky ATP server to create one. Please obtain a license before you try to create a Sky ATP account. Refer to Installing Policy Enforcer for instructions on obtaining a Sky ATP premium license.

    Guided setup is located under Configure > Guided Setup > Sky ATP. Click Start Setup to begin.

    1. Add a Sky ATP Realm—If you have not created a realm from within your Sky ATP account, you can create it here by clicking the + sign. Once you add a realm, you can enroll SRX Series devices into the realm. A security realm is a group identifier for an organization used to restrict access to Web applications. You can create one or multiple realms. A realm has the following configuration fields:
      • Username and Password—These are credentials you must provide, obtained through your Sky ATP account.
      • Realm—This is the name of the realm you are creating.
    2. Click Add devices to enroll them in threat prevention before proceeding to the next step. Devices designated as perimeter firewalls are automatically enrolled with Sky ATP.
    3. Create a Policy—You create a name for the policy, choose one or more profile types depending on the type of threat prevention this policy provides (C&C Server, Infected Host, Malware), and select a log setting.
      • Once configured, threat prevention policies are located under Configure > Threat Prevention > Policies. A policy has the following fields:
        • Name and Description.
        • Profiles—The type of threat this policy manages:
          • C&C Server (Command and Control Server)—A C&C server is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. A C&C profile provides information on C&C servers that have attempted to contact and compromise hosts on your network. Information such as IP address, threat level, and country of origin is gathered.
          • Infected Host—An infected host profile provides information on compromised hosts and their associated threat levels. Host information includes IP address, threat level, blocked status, when the threat was seen, command and control hits, and malware detections.
          • Malware—A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. The filename, file type, signature, date and time of download, download host, URL, and file verdict are gathered.
        • Logging—All traffic is logged by default. Use the pulldown to narrow the types of traffic to be logged.
    4. The last page is a summary of the items you have configured. Click OK to be taken to the Policies page under Configure > Threat Prevention, and your policy is listed there.

    Note: When you are using Sky ATP without Policy Enforcer, you must assign the policy to a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies. In the Advanced Security column, click an existing item to access the Edit Advanced Security page and select the Threat Prevention Policy from the Threat Prevention pulldown list.

    Modified: 2017-07-18