Enrolling and Disenrolling Devices

Sky ATP uses a Junos OS operation (op) script to help you configure your SRX Series device to connect to the Sky Advanced Threat Prevention cloud service. This script performs the following tasks:

Sky Advanced Threat Prevention requires that both your Routing Engine (control plane) and Packet Forwarding Engine (data plane) can connect to the Internet. Sky Advanced Threat Prevention requires the following ports to be open on the SRX Series device: 80, 8080, and 443.

To enroll a device in Sky ATP, do the following:

  1. Click the Enroll button on the Devices page.
  2. Copy the command to your clipboard and click OK.
  3. Paste the command into the Junos OS CLI of the SRX Series device you want to enroll with Sky ATP and press Enter. Your screen will look similar to the following:
    root@mysystem> op url http://skyatp.argon.junipersecurity.net/bootstrap/enroll/6e797dc797d26129dae46f17a7255650/jpz1qkddodlcav5g.slax
    Version JUNOS Software Release [15.1-X49] is valid for bootstrapping.
    Going to enroll single device for SRX1500: P1C_00000067 with hostname mysystem...
    Updating Application Signature DB...
    Wait for Application Signature DB download status #1...
    Communicate with cloud...
    Configure CA...
    Request aamw-secintel-ca CA...
    Load aamw-secintel-ca CA...
    Request aamw-cloud-ca CA...
    Load aamw-cloud-ca CA...
    Retrieve CA profile aamw-ca...
    Generate key pair: aamw-srx-cert...
    Enroll local certificate aamw-srx-cert with CA server #1...
    Configure advanced-anti-malware services...
    Communicate with cloud...
    Wait for aamwd connection status #1...
    SRX was enrolled successfully!

    The SRX Series device you enrolled now appears in the devices list.

    If the script fails, disenroll the device (see instructions for disenrolling devices below) and then re-enroll it.

  4. (Optional) Use the show services advanced-anti-malware status CLI command to verify that a connection is made to the cloud server from the SRX Series device.
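
When enrollment is run on several devices, the captured transcript can be checked for the stage at which the script stopped before you disenroll and re-enroll. The following Python is an added example, not part of the product or its documentation; the stage list is an assumption derived from the sample output above, and `check_enroll_transcript`, `ENROLL_STAGES` and the sample data are hypothetical names. It also records the URL scheme used in the `op url` command.

```python
import re

# Stage markers, in order, taken from the sample enroll transcript on this page
# (assumption: that sample, not a Juniper specification, defines the list).
ENROLL_STAGES = [
    "is valid for bootstrapping", "Going to enroll single device",
    "Updating Application Signature DB", "Configure CA",
    "Load aamw-secintel-ca CA", "Load aamw-cloud-ca CA",
    "Retrieve CA profile aamw-ca", "Generate key pair: aamw-srx-cert",
    "Enroll local certificate aamw-srx-cert",
    "Configure advanced-anti-malware services",
    "Wait for aamwd connection status", "SRX was enrolled successfully!",
]

def check_enroll_transcript(text):
    """Report whether enrollment completed and, if not, the first stage not seen."""
    flat = " ".join(text.split())  # captured sessions wrap long lines
    pos, reached, missing = 0, None, None
    for marker in ENROLL_STAGES:
        idx = flat.find(marker, pos)  # stages must appear in order
        if idx < 0:
            missing = marker
            break
        reached, pos = marker, idx + len(marker)
    scheme = re.search(r"op url (https?)://", flat)
    return {"enrolled": missing is None, "last_stage": reached, "first_missing": missing,
            "script_url_scheme": scheme.group(1) if scheme else None}

# Constructed sample: the page's transcript cut off after key generation plus a made-up failure line.
FAILURE_LINE = "error: (constructed failure line)"
SAMPLE_FAILED = """root@mysystem> op url http://skyatp.argon.junipersecurity.net/bootstrap/
enroll/6e797dc797d26129dae46f17a7255650/jpz1qkddodlcav5g.slax
Version JUNOS Software Release [15.1-X49] is valid for bootstrapping.
Going to enroll single device for SRX1500: P1C_00000067 with hostname
mysystem...
Updating Application Signature DB...
Wait for Application Signature DB download status #1...
Communicate with cloud...
Configure CA...
Request aamw-secintel-ca CA...
Load aamw-secintel-ca CA...
Request aamw-cloud-ca CA...
Load aamw-cloud-ca CA...
Retrieve CA profile aamw-ca...
Generate key pair: aamw-srx-cert...
""" + FAILURE_LINE

if __name__ == "__main__":
    print(check_enroll_transcript(SAMPLE_FAILED))
```

A result with `enrolled` set to false corresponds to the failure case described in step 3: disenroll the device, then re-enroll it.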

Once configured, the SRX Series device communicates with the cloud through multiple persistent connections established over a secure channel (TLS 1.2), and the SRX Series device is authenticated using SSL client certificates.

If you no longer want an SRX Series device to send files to the cloud for inspection, use the disenroll option to disassociate it from Sky Advanced Threat Prevention. The disenroll process generates an op script to be run on the SRX Series device and resets any properties set by the enroll process.

To disenroll an SRX Series device:

  1. Select the check box associated with the device you want to disassociate and click Disenroll.
  2. Copy the highlighted command to your clipboard and click OK.
  3. Paste this command into the Junos OS CLI of the device you want to disenroll and press Enter. Your screen will look similar to the following.
    root@mysystem> op url http://skyatp.argon.junipersecurity.net/bootstrap/disenroll/6e797dc797d26129dae46f17a7255650/jpz1qkddodlcav5g.slax
    Going to disenroll single device for SRX1500: P1C_00000067...
    Communicate with cloud...
    P1C_00000067 disenrolled...
    Clear CA profile aamw-ca...
    Clear CA profile aamw-cloud-ca...
    Clear CA profile aamw-secintel-ca...
    Clear local certificate aamw-srx-cert with CA server...
    Clear key pair: aamw-srx-cert...
    Remove advanced-anti-malware services...
    Restart aamwd...
    Wait for aamwd connection status #1...
    SRX was disenrolled successfully!

The device is no longer enrolled with the cloud and is removed from the Web UI Devices table.

You can enroll this device at a later time using the Enroll option.
