Configure ATP Appliance to Support SRX Series Firewall Logical Systems
Logical systems enable you to partition a single device into multiple secure contexts that perform independent tasks. For more information on logical systems and tenant systems, see Logical Systems and Tenant Systems User Guide for Security Devices.
Before you begin:
-
Enroll the SRX Series Firewall with the ATP Appliance. See Juniper Advanced Threat Prevention Appliance Integration with the SRX Series Firewall.
-
Configure logical system in SRX Series Firewall security-intelligence and anti-malware policies. See Configure Logical System in SRX Series Firewall Security-Intelligence and Anti-Malware Policies.
To configure logical systems in the ATP Appliance, do the following:
Select Config > System Profiles > SRX Settings.
The Enrolled Devices page appears. The page displays two SRX Series Firewalls with the names SRX_name and SRX_name:LSYS_name.
Figure 1: Enrolled Devices in ATP ApplianceBy default, no zone is assigned to the logical system. You must create and assign a zone before the logical system is activated. To create a zone, do the following:
Select Config > System Profiles > Zones.
Figure 2: Create ZoneIn the Zone Name field, enter a name for the zone.
In the Zone Description field, enter a description.
Click Add.
A new zone is created.
Navigate back to Config > System Profiles > SRX Settings.
Expand the SRX Series Firewall with the name SRX_name:LSYS_name. Click Edit.
Figure 3: Edit Enrolled DevicesThe Update SRX Device Info page appears.
Figure 4: Update ZoneFrom the Zone drop-down menu, select the zone for the SRX Series Firewall. Click Submit.
The zone information is updated for the SRX Series Firewall configured for the logical system. The Juniper ATP Appliance will start processing traffic from the logical system domain.