Configure Encrypted Traffic Insights
Before You Begin
- Enroll the SRX Series Firewall to Juniper ATP Cloud. For more information, see Enroll an SRX Series Firewall Using the CLI.
To enable encrypted traffic insights on SRX Series Firewalls, include the following CLI configurations:
- Configure the security-metadata-streaming policy.
set services security-metadata-streaming policy sms_policy http detections encryptedc2 action permit
set services security-metadata-streaming policy sms_policy http detections encryptedc2 notification log
- Attach the security-metadata-streaming policy to a security firewall policy.
set security policies from-zone trust to-zone untrust application-services security-metadata-streaming-policy sms_policy
set security policies from-zone untrust to-zone trust application-services security-metadata-streaming-policy sms_policy
- Commit the configuration.
commit
Use the show services security-metadata-streaming http statistics command to view the statistics of the security metadata streaming policy.
show services security-metadata-streaming http statistics
Security Metadata Streaming session statistics:
  Session inspected: 10
  Session whitelisted: 0
  Session detected: 6
Security Metadata Streaming submission statistics:
  Records submission success: 8
  Records submission failure: 2
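The counters in this output can be checked by a monitoring script. The following is an added example, not Juniper code: it parses the statistics output shown above and flags counter values worth investigating. The function names, the 5% failure threshold, and the choice of conditions to flag are assumptions.

```python
import re

# Constructed sample, using the counters from the output shown above.
SAMPLE = """\
Security Metadata Streaming session statistics:
  Session inspected: 10
  Session whitelisted: 0
  Session detected: 6
Security Metadata Streaming submission statistics:
  Records submission success: 8
  Records submission failure: 2
"""

HEADER = re.compile(r"Security Metadata Streaming (\w+) statistics:")
COUNTER = re.compile(r"(.+?):\s*(\d+)")

def parse_statistics(text):
    """Return {section: {counter name: int}} from the command output."""
    stats, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.fullmatch(line)
        counter = COUNTER.fullmatch(line)
        if header:
            section = header.group(1)          # "session" or "submission"
            stats[section] = {}
        elif counter and section is not None:
            stats[section][counter.group(1)] = int(counter.group(2))
    return stats

def health_findings(stats, max_failure_ratio=0.05):
    """Flag counter values worth investigating (threshold is an assumption)."""
    findings = []
    session = stats.get("session", {})
    submission = stats.get("submission", {})
    inspected = session.get("Session inspected", 0)
    if inspected == 0:
        findings.append("no sessions inspected")
    elif session.get("Session whitelisted", 0) == inspected:
        findings.append("every inspected session was whitelisted")
    failed = submission.get("Records submission failure", 0)
    total = failed + submission.get("Records submission success", 0)
    if total and failed / total > max_failure_ratio:
        findings.append(f"submission failure ratio {failed}/{total} exceeds {max_failure_ratio:.0%}")
    return findings

if __name__ == "__main__":
    for finding in health_findings(parse_statistics(SAMPLE)):
        print("WARN:", finding)
```

With the sample counters, 2 of 10 record submissions failed, so the script reports the failure ratio.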
To view the list of servers that are allowlisted for encrypted traffic insights, use the show services security-metadata-streaming http whitelist command.
show services security-metadata-streaming http whitelist
No.  IP-start   IP-end     Feed                  Address
1    192.0.5.0  192.0.5.1  eta_custom_whitelist  ID-80001400