Step 1: Begin
In this guide, we provide a simple, three-step path to quickly get you up and running with Juniper Networks® Advanced Threat Prevention Cloud (Juniper ATP Cloud). We’ve simplified and shortened the configuration procedures and included how-to videos that show you how to obtain your ATP license, how to configure SRX devices for Juniper ATP Cloud, and how to use the Juniper ATP Cloud Web Portal to enroll your SRX Series devices and configure basic security policies.
Meet Juniper ATP Cloud
Juniper ATP Cloud is cloud-based threat detection software that protects all hosts in your network against evolving security threats. Juniper ATP Cloud uses a combination of static and dynamic analysis and machine learning to quickly identify unknown threats, either downloaded from the Web or sent through email. It delivers a file verdict and risk score to the SRX Series firewall, which blocks the threat at the network level. In addition, Juniper ATP Cloud delivers security intelligence (SecIntel) feeds consisting of malicious domains, URLs, and IP addresses gathered from file analysis, Juniper Threat Labs research, and highly reputable third-party threat feeds. These feeds are collected and distributed to SRX Series firewalls to automatically block command-and-control (C&C) communications.
Want to see how Juniper ATP Cloud works? Watch now:
Juniper Sky™ Advanced Threat Prevention (Juniper Sky ATP) is now known as Juniper Networks® Advanced Threat Prevention (ATP) Cloud. The videos in this Day One+ still refer to the old terminology, Juniper Sky ATP.
Juniper ATP Cloud Topology
Here’s an example of how you can deploy Juniper ATP Cloud to protect a host in your network against security threats.
Get Your Juniper ATP Cloud License
First things first. You’ll need to get your Juniper ATP Cloud license before you can start configuring Juniper ATP Cloud on your firewall device. Juniper ATP Cloud has three service levels: free, basic, and premium. The free license provides limited functionality and is included with the base software. Contact your local sales office or Juniper Networks partner to place an order for a Juniper ATP Cloud premium or basic license. Once the order is complete, an activation code is sent to you by email. You’ll use this code in conjunction with your SRX Series device serial number to generate a premium or basic license entitlement. (Use the show chassis hardware CLI command to find the serial number of the SRX Series device.)
To obtain the license:
- Go to https://license.juniper.net and log in with your Juniper Networks Customer Support Center (CSC) credentials.
- Select J Series Service Routers and SRX Series Devices or vSRX from the Generate Licenses list.
- Using your authorization code and SRX Series serial number, follow the instructions to generate your license key.
If you are using Juniper ATP Cloud with SRX Series devices, then you don't need to enter the license key because it is automatically transferred to the cloud server. It can take up to 24 hours for your license to be activated.
If you are using Juniper ATP Cloud with vSRX, the license is not automatically transferred. You'll need to install the license. For more details, see License Management and vSRX Deployments. After the license is generated and applied to a specific vSRX device, use the show system license CLI command to view the software serial number of the device.
Want to see how to obtain a license? Watch this video:
Get Your SRX Series Device Ready to Work with Juniper ATP Cloud
After you've obtained a Juniper ATP Cloud license, you’ll need to configure your SRX Series device to communicate with the Juniper ATP Cloud Web Portal. Then you can configure policies on the SRX Series device that use the cloud-based threat feeds from Juniper ATP Cloud.
This guide assumes that you are already familiar with Junos OS CLI commands and syntax, and have experience with administering SRX Series devices.
Before you begin, make sure you have an SSH connection to an Internet-connected SRX Series device.
These SRX Series devices support Juniper ATP Cloud:
- SRX300 line of devices
- SRX4000 line of devices
- SRX5000 line of devices
For SRX340, SRX345, and SRX550M, as part of initial device configuration, you must run set security forwarding-process enhanced-services-mode and reboot the device.
Let's get started and configure interfaces and security zones.
- Set root authentication.
user@host# set system root-authentication plain-text-password
Retype new password:
The password is not displayed on the screen.
- Set the system hostname.
user@host# set system host-name firstname.lastname@example.org
- Set up interfaces.
user@host# set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
user@host# set interfaces ge-0/0/1 unit 0 family inet address 184.108.40.206/24
- Configure security zones.
The SRX Series device is a zone-based firewall. You’ll need to assign each interface to a zone to pass traffic through it. To configure security zones, enter the following commands:
For the untrust or internal security zone, enable only the services required by the infrastructure for each specific service.
user@host# set security zones security-zone untrust interfaces ge-0/0/0.0
user@host# set security zones security-zone trust interfaces ge-0/0/1.0
user@host# set security zones security-zone trust host-inbound-traffic system-services all
user@host# set security zones security-zone trust host-inbound-traffic protocols all
- Configure DNS.
user@host# set system name-server 220.127.116.11
- Configure NTP.
user@host# set system processes ntp
user@host# set system ntp boot-server 18.104.22.168
user@host# set system ntp server 22.214.171.124
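The following Python check is an added example, not part of the original guide or of Juniper's tooling. It reads a Junos set-format configuration like the one built in the steps above and reports addressed interfaces that belong to no security zone, and zones where host-inbound-traffic is opened with all. The sample configuration, its addresses, and the audit function name are constructed for illustration.

```python
import re

# Constructed sample in Junos "set" format, modelled on the steps above
# (documentation addresses; ge-0/0/2 is deliberately left out of any zone).
SAMPLE = """\
user@host# set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
user@host# set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/24
user@host# set interfaces ge-0/0/2 unit 0 family inet address 203.0.113.1/24
user@host# set security zones security-zone untrust interfaces ge-0/0/0.0
user@host# set security zones security-zone trust interfaces ge-0/0/1.0
user@host# set security zones security-zone trust host-inbound-traffic system-services all
user@host# set security zones security-zone trust host-inbound-traffic protocols all
user@host# set security zones security-zone untrust host-inbound-traffic system-services ping
"""

IFACE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address \S+$")
# No end anchor: interface-level options after the name still count as zoned.
ZONE_IF = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")
INBOUND = re.compile(r"^set security zones security-zone (\S+) host-inbound-traffic "
                     r"(system-services|protocols) (\S+)$")


def audit(config_text):
    """Return sorted findings for a Junos set-format configuration."""
    logical, zoned, findings = set(), set(), set()
    for raw in config_text.splitlines():
        # Drop a CLI prompt such as "user@host# " if the line was pasted with it.
        line = re.sub(r"^\S+@\S+[#>]\s*", "", raw.strip())
        if m := IFACE.match(line):
            logical.add(f"{m.group(1)}.{m.group(2)}")
        elif m := ZONE_IF.match(line):
            zoned.add(m.group(2))
        elif (m := INBOUND.match(line)) and m.group(3) == "all":
            findings.add(f"zone {m.group(1)}: host-inbound-traffic {m.group(2)} all")
    # An addressed interface outside every zone cannot pass traffic.
    findings.update(f"interface {ifl}: not assigned to a security zone"
                    for ifl in logical - zoned)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The check only inspects zone-level host-inbound-traffic statements; replacing a flagged all with the individual services the zone needs clears the finding.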
Want to see how to configure the SRX Series device? Watch this video: