Juniper Advanced Threat Prevention Cloud Configuration Overview

Table 5 lists the basic steps to configure Juniper ATP Cloud.

Note: These steps assume that you already have your SRX Series device(s) installed, configured, and operational at your site.

Table 5: Configuring Juniper ATP Cloud

Each row gives the task, its description (including whether it is done in the Web UI or on the SRX Series device), and where to find more information.

Task: (optional) Update the administrator profile
Description: Update your administrator profile to add more users with administrator privileges to your security realm and to set the thresholds for receiving alert e-mails. A default administrator profile is created when you register an account.
This step is done in the Web UI.
For information, see: Advanced Threat Prevention Cloud Administrator Profile Overview

Task: Enroll your SRX Series devices
Description: Select the SRX Series devices that will communicate with Juniper ATP Cloud. Only devices listed in the management interface can send files to the cloud for inspection and receive results.
This step is done in the Web UI and on your SRX Series device.
For information, see: Enrolling an SRX Series Device With Juniper Advanced Threat Prevention Cloud

Task: Set global configurations
Description: Select Configure > Global Configuration to set the default threshold and, optionally, the e-mail accounts to notify when certain thresholds are reached. For example, you can send e-mails to an IT department when a threshold of 5 is met and send e-mails to an escalation department when a threshold of 9 is met.
For information, see: Web UI tooltips and online help

Task: (optional) Create allowlists and blocklists
Description: Create allowlists and blocklists to list the network nodes that you trust and do not trust. Allowlisted websites are trusted websites whose downloaded files do not need to be inspected. Blocklisted websites are locations from which downloads should be blocked. Files downloaded from websites that are in neither the allowlist nor the blocklist are sent to the cloud for inspection.
This step is done in the Web UI.
For information, see: Allowlist and Blocklist Overview

Task: (optional) Create the Juniper ATP Cloud profile
Description: Juniper ATP Cloud profiles define which file types are sent to the cloud for inspection. For example, you may want to inspect executable files but not documents. If you do not create a profile, the default one is used.
This step is done in the Web UI.
For information, see: Juniper Advanced Threat Prevention Cloud Profile Overview

Task: (optional) Identify compromised hosts
Description: Compromised hosts are systems for which there is high confidence that attackers have gained unauthorized access. Once a host is identified, Juniper ATP Cloud recommends an action, and you can create security policies that take enforcement actions on the inbound and outbound traffic of these infected hosts.
This step is done on the SRX Series device.
For information, see: Compromised Hosts: More Information

Task: (optional) Block outbound requests to a C&C host
Description: The SRX Series device can intercept and perform an enforcement action when a host on your network tries to initiate contact with a possible C&C server on the Internet.
This step is done on the SRX Series device.
Note: Requires a Juniper ATP Cloud premium license.
For information, see: Command and Control Servers: More Information

Task: Configure the advanced anti-malware policy on the SRX Series device
Description: Advanced anti-malware security policies reside on the SRX Series device. They determine under which conditions files are sent to the cloud and what to do when a file receives a verdict number above the configured threshold.
This step is done on the SRX Series device.
For information, see: Juniper Advanced Threat Prevention Cloud Policy Overview

Task: Configure the security intelligence policy on the SRX Series device
Description: Create the security intelligence policies on the SRX Series device to act on infected hosts and on attempts to connect to a C&C server.
This step is done on the SRX Series device.
For information, see: Configuring the SRX Series Devices to Block Infected Hosts; Configuring the SRX Series Device to Block Outbound Requests to a C&C Host

Task: Enable the firewall policy
Description: Create your SRX Series firewall policy to filter and log traffic in the network using the set security policies from-zone to-zone CLI commands.
This step is done on the SRX Series device.
For information, see: Configuring the SRX Series Devices to Block Infected Hosts; Configuring the SRX Series Device to Block Outbound Requests to a C&C Host; Example: Configuring a Juniper Advanced Threat Prevention Cloud Policy Using the CLI
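The three SRX Series steps at the end of the table (advanced anti-malware policy, security intelligence policy, firewall policy) are tied together below in a single set of Junos configuration statements. This is an added example, not a configuration from this page or from Juniper's own linked examples: the zone names (trust, untrust), policy and profile names (aamw-policy-1, secintel-policy-1, cc-profile, ih-profile, inspect-outbound), the verdict threshold of 7, and the threat levels 8 through 10 are all assumed placeholders, and the statement hierarchy should be checked against the linked CLI example for the Junos release in use. Lines beginning with # are comments.

```junos
# Added example (assumed names and values); not the page's own configuration.

# Advanced anti-malware policy: send files matching the HTTP inspection profile
# to the cloud, block and log when the verdict is at or above the threshold.
set services advanced-anti-malware policy aamw-policy-1 http inspection-profile default_profile action block notification log
set services advanced-anti-malware policy aamw-policy-1 verdict-threshold 7
# Fallback behaviour if the cloud is unreachable (assumed choice: permit, but log it).
set services advanced-anti-malware policy aamw-policy-1 fallback-options action permit
set services advanced-anti-malware policy aamw-policy-1 fallback-options notification log

# Security intelligence: C&C feed (premium license) and infected-hosts feed.
# Block and close sessions for the highest threat levels, permit and log the rest.
set services security-intelligence profile cc-profile category CC
set services security-intelligence profile cc-profile rule cc-block match threat-level [ 8 9 10 ]
set services security-intelligence profile cc-profile rule cc-block then action block close
set services security-intelligence profile cc-profile rule cc-block then log
set services security-intelligence profile cc-profile default-rule then action permit
set services security-intelligence profile cc-profile default-rule then log

set services security-intelligence profile ih-profile category Infected-Hosts
set services security-intelligence profile ih-profile rule ih-block match threat-level [ 8 9 10 ]
set services security-intelligence profile ih-profile rule ih-block then action block close
set services security-intelligence profile ih-profile rule ih-block then log
set services security-intelligence profile ih-profile default-rule then action permit

set services security-intelligence policy secintel-policy-1 CC cc-profile
set services security-intelligence policy secintel-policy-1 Infected-Hosts ih-profile

# Firewall policy from the trust zone to the untrust zone that invokes both
# services and logs session start and end, so that blocked C&C attempts and
# infected-host enforcement show up in the security log.
set security policies from-zone trust to-zone untrust policy inspect-outbound match source-address any
set security policies from-zone trust to-zone untrust policy inspect-outbound match destination-address any
set security policies from-zone trust to-zone untrust policy inspect-outbound match application any
set security policies from-zone trust to-zone untrust policy inspect-outbound then permit application-services advanced-anti-malware-policy aamw-policy-1
set security policies from-zone trust to-zone untrust policy inspect-outbound then permit application-services security-intelligence-policy secintel-policy-1
set security policies from-zone trust to-zone untrust policy inspect-outbound then log session-init
set security policies from-zone trust to-zone untrust policy inspect-outbound then log session-close

# Validate, commit, then confirm the device is talking to the cloud and
# has received the threat feeds.
commit check
commit
run show services advanced-anti-malware status
run show services security-intelligence category summary
```

The infected-hosts profile is only useful once the device is enrolled and the cloud has pushed feed data; the two show commands at the end are the quickest way to confirm that the SRX Series device is connected and that the CC and Infected-Hosts categories have been received before relying on the policy for enforcement.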

You can optionally use APIs for C&C feeds, allowlist and blocklist operations, and file submission. See the Threat Intelligence Open API Setup Guide for more information.

Note: The cloud sends data, such as your Juniper ATP Cloud allowlists, blocklists, and profiles, to the SRX Series device every few seconds. You do not need to manually push your data from the cloud to your SRX Series device. Only new and updated information is sent; the cloud does not continually send all data.
