Explicit Web Proxy for Juniper ATP Cloud

With release Junos OS 18.2R1, you can configure explicit web proxy support for SRX Series services Juniper ATP Cloud connections.

If your network uses a web proxy for access and authentication for HTTP(S) outbound sessions, you can configure your Juniper ATP Cloud connections on the SRX Series Firewall to go through a specified web proxy host. To configure HTTP(S) connections to use a web proxy, you create one or more proxy profiles and see those profiles in your anti-malware and security intelligence (SecIntel) policies.

Note:

Support starting in Junos OS 18.2R1

Note that authentication to the proxy host is not supported in this release. Therefore an allowlist rule might be needed for the proxy host, with no authentication for Juniper ATP Cloud tunnel traffic.

Warning:

If you are using a web proxy, you must enroll SRX Series Firewalls using a slightly different process, as follows:

For the first part, get the enrollment op script from the Juniper ATP Cloud Web UI like you normally would.

Click the Enroll button on the Devices page.
Copy the command to your clipboard and click OK.
Take only the URL portion (none of the text in front of it) and enter it into the Junos OS CLI of the SRX Series Firewall you want to enroll using the following command:

> request services advanced-anti-malware enroll https://amer.Juniper Sky.junipersecurity.net/v1/skyatp/ui_api/bootstrap/enroll/5vhcfia9y18nn98v/k2ygewjwm6c0ap4s.slax
Press Enter. (Note that this command must be run in operational mode.)

On the SRX Series Firewall, use the set services command to set the web proxy profile by entering the proxy host IP address and port number as follows:

Add the web proxy profile you created to your Juniper ATP Cloud policies using the following commands:

Use the show services advanced-anti-malware status command to view the web proxy IP address and port number. For example:

Explicit Web Proxy for Juniper ATP Cloud

Related Documentation