Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enroll SRX Series Devices with Sky ATP

    Enrollment establishes a secure connection between the Sky ATP cloud server and the SRX Series device. It also performs basic configurations tasks such as:

    • Downloads and installs certificate authority (CAs) licenses onto your SRX Series device
    • Creates local certificates and enrolls them with the cloud server
    • Establishes a secure connection to the cloud server

    Note: Sky Advanced Threat Prevention requires that both your Routing Engine (control plane) and Packet Forwarding Engine (data plane) can connect to the Internet. You do not need to open any ports on the SRX Series device to communicate with the cloud server. However, if you have a device in the middle, such as a firewall, then that device must have ports 8080 and 443 open.

    1. Go to https://sky.junipersecurity.net and log in.
    2. Navigate to Devices in the Sky ATP Web UI and click the Enroll button.
    3. Run the provided command on the SRX Series device to enroll it.

    You can use the show services advanced-anti-malware status CLI command on your SRX Series device to verify that a connection has been made to the cloud server from the SRX Series device.

    Once enrolled, the SRX Series device communicates to the cloud through multiple, persistent connections established over a secure channel (TLS 1.2) and the SRX device is authenticated using SSL client certificates.

    Modified: 2017-10-10