Step 2: Up and Running

Now that you've installed Security Director and Security Director Insights as the log collector, let’s do some initial configuration so you can start managing the security devices on your network. In this section, you’ll learn how to add a log collector to Security Director so you can view the log data. Next, we’ll show you how to create device discovery profiles and how to discover the security devices on your network. After the security devices are discovered, you can configure basic network settings for them, assign addresses, and set firewall policies. You’ll then learn how to configure Juniper ATP Cloud or ATP Appliance with Policy Enforcer.

Add Security Director Insights as a Log Collector

To use the log collector functionality that comes with Security Director Insights, you need to add the IP address of the Security Director Insights VM and enable it as the log collector. By default, the Security Director log collector is disabled, so before you add the log collector node in the GUI, you’ll need to enable it and then set the administrator password.

Enable Log Collector

  1. Go to the Security Director Insights CLI.

    # ssh admin@${security-director-insights_ip}

  2. Enter the application configuration mode.

    user:Core# applications

  3. Enable Security Director log collector.

    user:Core#(applications)# set log-collector enable on

  4. Configure the administrator password.

    user:Core#(applications)# set log-collector password

    Enter the new password for SD Log Collector access:

    Retype the new password:

    Successfully changed password for SD Log Collector database access

Add Security Director Insights VM as the Log Collector Node

To add the Security Director Insights VM IP address as a log collector node:

  1. From the Security Director user interface, select Administration > Logging Management > Logging Nodes, and click the plus sign (+).

    The Add Logging Node page opens.

  2. Choose the log collector type as Security Director Log Collector.
  3. Click Next.

    The Add Collector Node page opens.

  4. Configure settings for the log collector node:
    • Node Name—Enter a unique name for the log collector.

    • IP Address—Enter the IP address of the Security Director Insights VM. The IP address must exactly match the IP address you used for the Security Director Insights VM in step 12 of the Install Security Director Insights procedure.

    • User Name—Enter the username of the Security Director Insights VM.

    • Password—Enter the password of the Security Director Insights VM.

    Click Next. The certificate details are displayed.

  5. Click Finish and then click OK to add the logging node you just created.

Configure Log Collector Settings in Junos Space Network Management Platform

  1. Log in to Junos Space Network Management Platform.
  2. Select Administration > Applications.
  3. Right-click Log Director and select Modify Application Settings.
  4. Enable the following options:
    • Enable SDI Log Collector Query Format

    • Integrated Log Collector on Space Server

Note:
  • The log collector in Security Director Insights supports up to 25K eps.

  • Disable the raw log:

    user:Core#(applications)# set log-collector raw-log off

  • Make sure that the SRX Series Firewall configuration points to the corresponding SDI log collector.
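One way to check the last point of the note across several firewalls, as an added example that is not Juniper's code: it reads each device's `show configuration security log | display set` output and reports devices whose log stream does not target the collector. The device names, addresses, and function names are constructed for illustration, and the script assumes the devices send security logs in stream mode.

```python
import re

# Constructed sample: 'show configuration security log | display set' output
# from two hypothetical SRX devices. Addresses are documentation-range values.
SAMPLE_CONFIGS = {
    "srx-branch-1": """\
set security log mode stream
set security log format sd-syslog
set security log source-address 192.0.2.11
set security log stream sdi-lc host 198.51.100.20
set security log stream sdi-lc host port 514
""",
    "srx-branch-2": """\
set security log mode stream
set security log source-address 192.0.2.12
set security log stream old-lc host 198.51.100.99
""",
}

# Matches the stream destination only; 'host port 514' lines do not match.
STREAM_HOST = re.compile(r"^set security log stream (\S+) host (\d+\.\d+\.\d+\.\d+)$")

def audit_device(display_set: str, collector_ip: str) -> list[str]:
    """Return findings for one device; an empty list means a stream targets the collector."""
    lines = [ln.strip() for ln in display_set.splitlines() if ln.strip()]
    findings = []
    # Assumption: streams under 'security log' are only used in stream mode.
    if "set security log mode stream" not in lines:
        findings.append("security log mode is not 'stream'")
    hosts = {m.group(1): m.group(2) for ln in lines if (m := STREAM_HOST.match(ln))}
    if not hosts:
        findings.append("no 'security log stream ... host' statement")
    elif collector_ip not in hosts.values():
        seen = ", ".join(f"{n}->{ip}" for n, ip in sorted(hosts.items()))
        findings.append(f"no stream targets {collector_ip} (found {seen})")
    return findings

def audit_fleet(configs: dict[str, str], collector_ip: str) -> dict[str, list[str]]:
    """Map each device name to its findings, keeping only devices with problems."""
    report = {name: audit_device(cfg, collector_ip) for name, cfg in configs.items()}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for device, problems in audit_fleet(SAMPLE_CONFIGS, "198.51.100.20").items():
        for p in problems:
            print(f"{device}: {p}")
```
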

Watch and learn how to add the log collector as a special node using Security Director Log Collector.

Add a JSA Log Collector Node to Security Director

Let’s add a JSA log collector node to Security Director to view the log data on the Dashboard, Events and Logs, Reports, and Alerts pages.

  1. Select Administration > Logging Management > Logging Nodes.
  2. Click the + icon to open the Add Logging Node page.
  3. Choose Juniper Secure Analytics as the log collector type.
  4. Complete the Add Collector/JSA Node configuration. If you're not sure what information to provide for a field, hover over the question mark (?).
    Note:

    For JSA, provide the admin login credentials of the JSA console.

  5. Click Next to display the certificate details.
  6. Click Finish and review the summary of configuration changes.
  7. Click OK to add the node.

When the configuration is complete, the log collector node is shown with an active status on the Logging Nodes page.

Watch and learn how to add the log collector as a special node using JSA Log Collector.

Create a Device Discovery Profile

Here's how to create a device discovery profile:

  1. Select Devices > Device Discovery to open the Device Discovery page.
  2. Click the + icon to open the Create Discovery Profile page.
  3. Complete the configuration. If you're not sure what information to provide for a field, hover over the question mark (?).
  4. Click OK.

    A new device discovery profile is created, and you are returned to the Device Discovery page.

Discover Devices

Now, let's discover devices with the device discovery profile you just created.

  1. Select Devices > Device Discovery to open the Device Discovery page.
  2. Select the device discovery profile and click Run Now to trigger the device discovery job.
  3. Click OK to return to the Device Discovery page.

Watch and learn how to discover devices in Security Director.

Modify the Configuration of Security Devices

If you need to modify the configuration of one or more security devices, here's how:

  1. Select Devices > Security Devices to open the Security Devices page.
  2. Right-click the devices, and select Configuration > Modify Configuration. You can also select this option from the More menu.

    The Modify Configuration page opens. By default, the Basic Setup section is selected.

  3. Complete the configuration. If you're not sure what information to provide for a field, hover over the question mark (?).
  4. Click Save and Deploy to save the configuration changes and deploy the saved configuration to the device.

Create Addresses

Now, let's create addresses to use in firewall policies and apply them to SRX Series Firewall.

  1. Select Configure > Shared Objects > Addresses to open the Addresses page.
  2. Click Create to open the Create Address page.
  3. Complete the configuration. If you're not sure what information to provide for a field, hover over the question mark (?).
  4. Click OK.

    You can use the addresses in firewall policies.

Watch and learn how to create addresses in Security Director.

Create a Firewall Policy

Here's how to create a firewall policy:

  1. Select Configure > Firewall Policy > Standard Policies to open the Standard Policies page.
  2. Click the + icon to open the Create Firewall Policy page.
  3. Complete the configuration. If you're not sure what information to provide for a field, hover over the question mark (?).
  4. Click OK.

    A new policy is created. To activate the policy, add rules in one or more rule bases. You can click the policy name to assign rules inline and then click the + icon to configure policy rules.

Watch and learn how to create a standard firewall policy in Security Director.

Assign Policies to Domains

To enable a firewall policy, you'll need to assign it to a domain. You can assign only one policy at a time to a domain. Security Director validates the domain assignment. If the assignment is not acceptable, it displays a warning message.

  1. Select Configure > Firewall Policy > Standard Policies to open the Standard Policies page.
  2. Right-click the policy, and select Assign Standard Policies to Domains. You can also select this option from the More menu.

    The Assign Standard Policies to Domain page opens.

  3. Select the required items to assign to a domain.
  4. Select the Ignore check box to ignore the warning messages, if any.
  5. Click OK.

    Security Director assigns the policy to the selected domain. You can now use the policy.

Assign Devices to a Policy

Now that you've assigned a policy or policies to a domain, let’s assign devices to the policy.

  1. Select Configure > Firewall Policy > Standard Policies to open the Standard Policies page.
  2. Right-click the policy, and select Assign Devices. You can also select this option from the More menu.

    The Assign Devices page opens.

  3. Select the device you want to add to the policy.
  4. Click OK.

    Security Director assigns the devices to the policy.

Publish and Update Policies on Devices

Now you're ready to apply your firewall policies to the security devices on your network.

  1. Select Configure > Firewall Policy > Standard Policies to open the Standard Policies page.
  2. Select one or more policies and click Update to open the Update Firewall Policy page.
  3. Select Run now or Schedule at a later time.
  4. Select the devices on which you want to publish and update policies.
  5. Click Publish and Update.

    A confirmation message appears.

  6. Click Yes to publish and update policies on the selected devices.

Configure Juniper ATP Cloud or ATP Appliance with Policy Enforcer

If you’re using Policy Enforcer with Security Director, you’ll need to configure Juniper ATP Cloud or Juniper Advanced Threat Prevention (JATP). You’ll need a Juniper ATP Cloud license and a Juniper ATP Cloud account for three of the configuration types (ATP Cloud or ATP Appliance with Juniper Connected Security, ATP Cloud or ATP Appliance, and Cloud Feeds only), but not for the default mode (No Selection). If you don’t have an ATP Cloud license, contact your local sales office or Juniper Networks partner to place an order for an ATP Cloud premium or basic license.

Here's how to do the initial configuration of Juniper ATP Cloud or ATP Appliance:

  1. In the Security Director user interface, select Administration > Policy Enforcer > Settings.
  2. Enter the IP address and login credentials for the Policy Enforcer VM.
  3. Use Guided Setup, the most efficient way to complete your initial configuration of Policy Enforcer and Juniper ATP Cloud. In the Security Director user interface, navigate to Configure > Guided Setup > Threat Prevention, and click Start Setup to begin.
  4. Configure tenants, secure fabric, policy enforcement groups, ATP Cloud realms, policies, Geo IP, and click Finish.

    You’ll find more details here.