Configuring Juniper ATP Appliance Email Traffic Collection

When powered up, the Juniper ATP Appliance Collector performs its boot process and then displays a CLI login prompt. Use the following procedure to configure the Juniper ATP Appliance Server using the CLI and the Configuration Wizard.

Note:

FOR OVA DEPLOYMENTS: this configuration process is optional and can be skipped because these settings are addressed during OVA deployment to the VM vSwitch.

Tip:

Integration requirements for the Email Collector: Microsoft Exchange 2010+

To Configure the Collector Configuration Wizard

  1. At the login prompt, enter the default username admin and the password 1JATP234. Review the displayed EULA and press q to continue.
  2. When prompted to accept the Juniper ATP Appliance End User License Agreement (EULA), enter yes. Configuration cannot continue until the EULA is accepted.
  3. At the prompt, enter a new CLI administrator password. Weak passwords are not accepted. Note that the CLI admin password is maintained separately from the Juniper ATP Appliance Central Manager Web UI password.
  4. When prompted with the query “Do you want to configure the system using the Configuration Wizard (Yes/ No)?”, enter yes.
  5. Respond to the Configuration Wizard prompts as follows.

    Configuration Wizard Prompts and Customer Responses/Actions

    Prompt: Use DHCP to obtain the IP address and DNS server address for the management interface (Yes/No)?
    Response/Action: We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred. Recommended: Respond with no.

    Note: Only if your DHCP response is no, enter the following information when prompted. Enter a gateway IP X.X.X.X and quad-tuple netmask using the form 255.255.255.0 (no CIDR format).

    • Prompt: IP address
      Response/Action: Enter an IP address.

    • Prompt: Netmask
      Response/Action: Enter a netmask.

    • Prompt: Enter a gateway IP address for this management (administrative) interface:
      Response/Action: Enter a gateway IP address.

    • Prompt: Enter primary DNS server IP address.
      Response/Action: Enter the DNS Server IP address.

    • Prompt: Do you have a secondary DNS Server (Yes/No).
      Response/Action: If yes, enter the IP address of the secondary DNS server.

    • Prompt: Do you want to enter the search domains?
      Response/Action: Enter yes if you want DNS lookups to use a specific domain.

    • Prompt: Enter the search domain (separate multiple search domains by space):
      Response/Action: Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com

    Prompt: Restart the eth0 interface (Yes/No)?
    Response/Action: Enter yes to restart with the new configuration settings applied.

    Prompt: Enter a valid hostname.
    Response/Action: Type a unique hostname when prompted; do not include the domain; for example: JuniperATP1

    [OPTIONAL]

    If the system detects a Secondary Core with an eth2 port, then the alternate CnC exhaust option is displayed:

    • Prompt: Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?
      Response/Action: Enter yes to configure an alternate eth2 interface.

    • Prompt: Enter IP address for the alternate-exhaust (eth2) interface:
      Response/Action: Enter the IP address for the eth2 interface.

    • Prompt: Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)
      Response/Action: Enter the eth2 netmask.

    • Prompt: Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)
      Response/Action: Enter the gateway IP address.

    • Prompt: Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)
      Response/Action: Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.

    • Prompt: Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?
      Response/Action: Enter yes or no to confirm or deny an eth2 secondary DNS server.

    • Prompt: Do you want to enter the search domains for the alternate-exhaust (eth2) interface?
      Response/Action: Enter yes or no to indicate whether you want to enter search domain.

    Note: A complete network interface restart can take more than 60 seconds.

    Prompt: Enter the following server attributes:

    • Prompt: Central Manager (CM) IP Address:
      Response/Action: Enter the CM external IP address, not the loopback, in order to register with and view the Collector in the CM Web UI.

    • Prompt: Device Name: (must be unique)
      Response/Action: Enter the JuniperATP Collector device name; this identifies the Collector in the Web UI.

    • Prompt: Device Description
      Response/Action: Enter a device Description.

    • Prompt: Device Key PassPhrase
      Response/Action: Enter the same PassPhrase used to authenticate the Core to the Central Manager.

    Note: Remember this passphrase and use for all distributed devices!

    Note: Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Wizard. You may also rerun the Wizard at any time with the CLI command wizard. Please refer to the CLI Guide for more information.

The Traffic Collector will now automatically “call home” to the Central Manager to announce it is online and active. Wait ~5 minutes and confirm Collector connectivity from the JuniperATP Web UI, as described further below.

When the Configuration Wizard exits to display the CLI, you may use the commands listed in Verifying Configurations and Traffic from the CLI to view interface configurations and to allowlist an Email Collector (in distributed systems) if one is already installed and configured. Special characters used in CLI parameters must be enclosed in double quotation marks.

To exit the CLI, type exit. Be sure to confirm Collector activity from the JuniperATP Central Manager Web UI (below).
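The static-addressing answers the wizard asks for can be checked offline before you type them in. The following is an added example, not part of the Juniper documentation or tooling: the function name `check_wizard_answers` and the sample values are assumptions, and it checks only the constraints stated above (dotted-quad netmask with no CIDR, a gateway on the management subnet, a hostname without the domain, space-separated search domains).

```python
import ipaddress
import re

# A single DNS label: letters, digits, hyphens, and no dots.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def check_wizard_answers(ip, netmask, gateway, dns, hostname, search_domains=""):
    """Return a list of problems in a planned set of static wizard answers."""
    # The wizard expects a netmask such as 255.255.255.0, never CIDR notation.
    if "/" in ip or not re.fullmatch(r"\d+(\.\d+){3}", netmask):
        return ["netmask must be dotted-quad (no CIDR format)"]
    try:
        # ip_network() raises on non-contiguous masks such as 255.0.255.0.
        net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
        addr = ipaddress.ip_address(ip)
        gw = ipaddress.ip_address(gateway)
        ipaddress.ip_address(dns)
    except ValueError as exc:
        return [f"invalid address or netmask: {exc}"]
    problems = []
    # ip_network() also accepts hostmasks (0.0.255.255); the wizard wants a netmask.
    if str(net.netmask) != netmask:
        problems.append("netmask looks like a hostmask, expected a netmask")
    if gw not in net:
        problems.append("gateway is outside the management subnet")
    if gw == addr:
        problems.append("gateway equals the interface address")
    if addr in (net.network_address, net.broadcast_address):
        problems.append("IP address is the network or broadcast address")
    # The hostname prompt wants the short name only, e.g. JuniperATP1.
    if not _LABEL.match(hostname):
        problems.append("hostname must be a single label without the domain")
    # Search domains are entered on one line, separated by spaces.
    for dom in search_domains.split():
        if not all(_LABEL.match(part) for part in dom.split(".")):
            problems.append(f"bad search domain: {dom}")
    return problems

if __name__ == "__main__":
    # Constructed sample answers for illustration only.
    print(check_wizard_answers("10.6.0.20", "255.255.0.0", "10.6.0.1", "8.8.8.8",
                               "JuniperATP1", "example.com lan.com dom2.com"))
```

An empty list means the planned answers satisfy these checks; it does not confirm that the addresses are free or routable on your network.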