
Add SRX Series Firewalls to ATP Appliance Zones

Configure MSSP Multi-Tenancy Zones

Note:

These instructions pertain to ATP Appliance zones and the SRX Series Firewall. The full section on ATP Appliance zone configuration can be found in the Operator’s Guide, under Configuring MSSP Multi-Tenancy Zones.

You can now add SRX Series Firewalls to zones along with traffic collectors. All tenant collectors and SRX Series Firewalls are connected to the ATP Appliance Core cluster hosted at the MSSP multi-tenancy site. All management of incidents is performed by the MSSP; tenants do not have access to the Core cluster.

A configured zone identifies incidents and events per tenant. The MSSP defines a zone per tenant and groups all collectors and SRX Series Firewalls associated with a tenant to a tenant-specific Zone. ATP Appliance’s event correlation stages track all events per originating zone, and correlate events within the same zone. In this way, the multi-tenant MSSP manages incidents per zone/tenant and controls all zoned ATP Appliance Central Managers per tenant using the ATP Appliance Manager of Central Managers (MCM).

To configure MSSP Zones:

  1. From the ATP Appliance Central Manager Web UI, navigate to Config>System Profiles>Zones.

  2. Create the new MSSP Zone.

  • View Zone data from the ATP Appliance Central Manager Web UI Incidents page.

  • Generate Reports that include Zone analytics from the ATP Appliance Web UI Reports tab.

Figure 1: Zones Configuration. The Zones section of the Web UI, where zones such as ABC Corp and Acme Corp are added and managed.

Add SRX Series Firewalls to Existing Zones

When an SRX Series Firewall enrolls with ATP Appliance, it is automatically added to a “default zone.” Use the following instructions to move an SRX Series Firewall to a different zone.

Note:

A zone must already exist in ATP Appliance before you can add an SRX Series Firewall to it.

To move an SRX Series Firewall to a different zone, do the following:

  1. From the ATP Appliance Central Manager Web UI, navigate to Config>System Profiles>SRX Settings.

  2. Select the SRX Series Firewall and click Edit.

  3. In the window that appears, select the Zone to which you want to add the SRX Series Firewall and click Submit.

    Figure 2: Move SRX Series Firewall to a different ATP Appliance Zone. The SRX Settings page under Config>System Profiles, with the device "sudhir-vsrx" selected and the Update SRX Device Info window open for editing.

Note the following:

  • From the SRX Settings>Config tab, you can view a column that displays the zone to which the SRX Series Firewall belongs.

  • From the Mitigation>Hosts tab, you can view a column in the list of infected hosts that displays the zone to which the SRX Series Firewall belongs.

  • Infected host feeds are sent to SRX Series Firewalls on a per-zone basis.

  • View zone data from the ATP Appliance Central Manager Web UI Incidents page.

  • Generate reports that include zone analytics from the ATP Appliance Web UI Reports tab.

Figure 3: Enrolled SRX Series Firewalls with Zone Assignments. The Enrolled Devices table, with details such as Name, Serial Number, and Status.

Figure 4: Infected Hosts with Zone Assignments. The list of infected hosts, with IPs, threat levels, timestamps, zones, C&C hits, malware hits, host status, and investigation links.