Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Step 1: Begin

In this guide, we provide a simple, three-step path to quickly set up Juniper Cloud Workload Protection. Once Juniper Cloud Workload Protection is up and running, you’ll learn how to enable runtime protection to protect your application workload.

Meet Juniper Cloud Workload Protection

Juniper Cloud Workload Protection provides visibility and security controls across your cloud infrastructure and applications using a single console. It automatically defends application workloads in any cloud or on-premises environment against attempts to exploit application vulnerabilities and zero day exploits. Whether applications are in production or pre-production, Juniper Cloud Workload Protection provides an effective defense to stop active exploits in their tracks as well as find vulnerabilities before they become liabilities.

You can deploy Juniper Cloud Workload Protection in public cloud, on-premises, or in hybrid environments to protect web applications, containerized workloads, and Kubernetes. This ensures that production applications always have a safety net against exploits, keeping business-critical services connected and resilient no matter where they are.

Here are the key components of Juniper Cloud Workload Protection:

  • Juniper Cloud Workload Protection portal: Available as Software as a Service (SaaS). You can access the portal to manage attacks, vulnerabilities, applications, containers, reports, policies, accounts and so on.
  • Juniper Cloud Workload Protection agent: Available as downloadable agents to provide runtime application self-protection (RASP) or interactive application security testing (IAST) to your applications. You can deploy the agent in your environment to secure your hosts (VMs, containers, and serverless functions) on the cloud or on-premises deployments.

Juniper Cloud Workload Protection agent service runs in a separate container and communicates with the Juniper Cloud Workload Protection portal to receive policies and report activities. When you launch a server/VM/container/application, the Juniper Cloud Workload Protection agents apply the policy to provide protection. A vSRX instance placed between the Internet and the protected applications receives dynamic-address feeds from the portal to block attackers.

Get Ready

In this example, you'll need the following resources to setup and use Juniper Cloud Workload Protection:

  • A valid Juniper Cloud Workload Protection license
  • Linux OS- Ubuntu 18.04
  • Docker Engine- 18.09.1 or later versions
  • Hardware requirements:
    • Juniper Cloud Workload Protection agents (RASP mode)—Linux machine with 500 MB to 2 GB RAM, two vCPUs, and a (minimum) 5 GB hard drive

    • Juniper Cloud Workload Protection agents (IAST mode)—Linux machine with 2 GB to 8 GB RAM (depending on the load), two vCPUs, and a (minimum) 5 GB hard drive

    For additional options supported, see Software and Hardware Requirements for details.

  • vSRX instance with Junos OS Release 19.4R1 or later

  • Juniper Cloud Workload Protection agent and vSRX needs to connect to on ports 80 and 443.

Activate Your Juniper Networks Cloud Workload Protection License

First things, first. You’ll need to get a valid license before you can using start using your Juniper Cloud Workload protection.

Use the following instructions to obtain the appropriate license key for your Juniper Networks Cloud Workload Protection.

  1. Create a user account with Juniper Networks. To access Juniper Cloud Workload Protection, you need an approved user account with Juniper Networks. If you don't already have one, create an account through the User Registration Portal.

    Once you create a Juniper Networks user account, it might take a couple of hours to get the compliance approval Retrieve your software serial number.

  2. Retrieve your software serial number. The software serial number is a unique 14-digit number that Juniper Networks uses to identify your Juniper Networks software installation (or purchased capacity). You can find this number in the software serial number certificate attached to the email sent when you ordered your Juniper Networks service. Store the software serial number in a safe place as you might need it to identify your installation when contacting Juniper Networks for support.
  3. Request your licensed software.

    Open an admin service request (case) using our Service Request Manager on the Juniper Customer Support Center (CSC) and enter the following information. Or call Customer Care.

    • Subject Line: Juniper Cloud Workload Protection Software Request
    • Description:
      • Sales order number
      • Software product SKU
      • Serial Number/SSRN (software serial number in your license fulfillment email). If available, attach the software serial number certificate (PDF) to the admin service request.
      • Email address for the primary admin account. This email address can be the same as the Juniper user account or a different email address. Ensure that the incoming email from outside your organization is allowed.

    Temporary log in details are emailed automatically once your account is set up. Once your service request is processed, you'll receive an email with your account information. Your product is automatically licensed.

Access Juniper Cloud Workload Protection Portal

Here's how to access Juniper Cloud Workload Protection portal:

1. Go to Juniper Cloud Workload Protection.

2. Enter your log in details. Use the log in information you received in the email to sign into your account for the first time.

Click Login to continue. Upon successful authentication, you'll be directed to the Juniper Cloud Workload Protection dashboard.

Next, let's install the required Juniper Cloud Workload Protection agents.