Help Center Policies on the SRX Series Device Configure Juniper ATP Cloud Policies on the SRX Series Device

Contents

ContentsHide

Juniper Advanced Threat Prevention Cloud Administration Guide
- About the Documentation
- Overview and Installation
  - Juniper Advanced Threat Prevention Cloud Overview
  - Install Juniper Advanced Threat Cloud Prevention
- The Web Portal and Enrolling SRX Series Devices
  - The Juniper ATP Cloud Web Portal
  - Enroll SRX Series Devices
- Configure
  - Allowlists and Blocklists
    - Allowlist and Blocklist Overview
    - Creating Allowlists and Blocklists
  - Email Scanning: Juniper ATP Cloud
  - Email Scanning: SRX Series Device
  - File Inspection Profiles
    - File Inspection Profiles Overview
    - Creating File Inspection Profiles
  - Adaptive Threat Profiling
    - Adaptive Threat Profiling Overview
    - Create an Adaptive Threat Profiling Feed
  - SecIntel Feeds
    - SecIntel Feeds Overview
    - Juniper SecIntel Feeds Overview
  - Global Configurations
- Monitor and Take Action
  - Reports
    - Reports Overview
    - Configure Report Definitions
  - Hosts
    - Hosts Overview
    - Host Details
  - Identifying Infected Hosts
    - Compromised Hosts: More Information
    - Configuring the SRX Series Devices to Block Infected Hosts
  - Command and Control Servers
    - Command and Control Servers Overview
    - Command and Control Server Details
  - Identify Hosts Communicating with Command and Control Servers
    - Command and Control Servers: More Information
    - Configuring the SRX Series Device to Block Outbound Requests to a C&C Host
  - File Scanning
  - Email Scanning
  - Telemetry
    - Telemetry Overview
    - Telemetry Details
  - Encrypted Traffic Insights
    - Encrypted Traffic Insights Overview
    - Encrypted Traffic Insights Details
- Policies on the SRX Series Device
  - Configure Juniper ATP Cloud Policies on the SRX Series Device
  - Configure IP-Based Geolocations on the SRX Series Device
    - Geolocation IPs and Juniper Advanced Threat Prevention Cloud
    - Configuring Juniper Advanced Threat Prevention Cloud With Geolocation IP
  - Integrate Amazon Web Services GuardDuty with vSRX Firewalls
    - Integrate AWS GuardDuty with vSRX Firewalls
- Administration
  - Juniper ATP Cloud Administration
- Troubleshoot
  - Troubleshooting Topics
- More Documentation
  - ATP Cloud Tech Library Page Links
    - Links to Documentation on Juniper.net

ContentsHide

Juniper Advanced Threat Prevention Cloud Administration Guide
- About the Documentation
- Overview and Installation
  - Juniper Advanced Threat Prevention Cloud Overview
  - Install Juniper Advanced Threat Cloud Prevention
- The Web Portal and Enrolling SRX Series Devices
  - The Juniper ATP Cloud Web Portal
  - Enroll SRX Series Devices
- Configure
  - Allowlists and Blocklists
    - Allowlist and Blocklist Overview
    - Creating Allowlists and Blocklists
  - Email Scanning: Juniper ATP Cloud
  - Email Scanning: SRX Series Device
  - File Inspection Profiles
    - File Inspection Profiles Overview
    - Creating File Inspection Profiles
  - Adaptive Threat Profiling
    - Adaptive Threat Profiling Overview
    - Create an Adaptive Threat Profiling Feed
  - SecIntel Feeds
    - SecIntel Feeds Overview
    - Juniper SecIntel Feeds Overview
  - Global Configurations
- Monitor and Take Action
  - Reports
    - Reports Overview
    - Configure Report Definitions
  - Hosts
    - Hosts Overview
    - Host Details
  - Identifying Infected Hosts
    - Compromised Hosts: More Information
    - Configuring the SRX Series Devices to Block Infected Hosts
  - Command and Control Servers
    - Command and Control Servers Overview
    - Command and Control Server Details
  - Identify Hosts Communicating with Command and Control Servers
    - Command and Control Servers: More Information
    - Configuring the SRX Series Device to Block Outbound Requests to a C&C Host
  - File Scanning
  - Email Scanning
  - Telemetry
    - Telemetry Overview
    - Telemetry Details
  - Encrypted Traffic Insights
    - Encrypted Traffic Insights Overview
    - Encrypted Traffic Insights Details
- Policies on the SRX Series Device
  - Configure Juniper ATP Cloud Policies on the SRX Series Device
  - Configure IP-Based Geolocations on the SRX Series Device
    - Geolocation IPs and Juniper Advanced Threat Prevention Cloud
    - Configuring Juniper Advanced Threat Prevention Cloud With Geolocation IP
  - Integrate Amazon Web Services GuardDuty with vSRX Firewalls
    - Integrate AWS GuardDuty with vSRX Firewalls
- Administration
  - Juniper ATP Cloud Administration
- Troubleshoot
  - Troubleshooting Topics
- More Documentation
  - ATP Cloud Tech Library Page Links
    - Links to Documentation on Juniper.net

Enabling Juniper ATP Cloud for Encrypted HTTPS Connections

Procedure

If you have not already done so, you need to configure ssl-inspect-ca which is used for ssl forward proxy and for detecting malware in HTTPs. Shown below is just one example for configuring ssl forward proxy. For complete information, see Configuring SSL Proxy.

From operational mode, generate a PKI public/private key pair for a local digital certificate.
user@host > request security pki generate-key-pair certificate-id certificate-id size size type type
For example:
user@host > request security pki generate-key-pair certificate-id ssl-inspect-ca size 2048 type rsa
From operational mode, define a self-signed certificate. Specify certificate details such as the certificate identifier (generated in the previous step), a fully qualified domain name for the certificate, and an e-mail address of the entity owning the certificate.
user@host > request security pki local-certificate generate-self-signed certificate-id certificate-id domain-name domain-name subject subject email email-id
For example:
user@host > request security pki local-certificate generate-self-signed certificate-id ssl-inspect-ca domain-name www.juniper.net subject "CN=www.juniper.net,OU=IT,O=Juniper Networks,L=Sunnyvale,ST=CA,C=US" email security-admin@juniper.net

Once done, you can configure the SSL forward proxy to inspect HTTPs traffic. For example:

user@host# set services ssl proxy profile ssl-inspect-profile root-ca ssl-inspect-ca
user@host# set security policies from-zone trust  to-zone untrust  policy firewall-policy1  then permit application-services ssl-proxy profile-name ssl-inspect-profile

For a more complete example, see Example: Configuring a Juniper Advanced Threat Prevention Cloud Policy Using the CLI.

Related Documentation

Example: Configuring a Juniper Advanced Threat Prevention Cloud Policy Using the CLI

Help us to improve. Rate this article.

Feedback Received. Thank You!

Previous

Juniper Advanced Threat Prevention Cloud Policy Overview

Next

Example: Configuring a Juniper Advanced Threat Prevention Cloud Policy Using the CLI

Related Topics

Example: Configuring a Juniper Advanced Threat Prevention Cloud Policy Using the CLI

Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

Rating by you:

X