casb
Syntax
casb {
    instance instance-name {
        application application-name;
        domain domain-name;
        instance-id instance-id;
        tag tag-value;
        type type;
    }
    casb-policy policy-name {
        rules rule-name {
            match {
                application application-name {
                    activity activity-name {
                        [param-name param-value param-name param-value]
                    }
                    instance instance-name;
                }
                application-group application-group-name {
                    activity activity-name;
                }
            }
            then {
                allow;
                deny;
                log-action;
            }
        }
        log-activity [ login upload download ];
        default-rule {
            deny;
            log-action;
        }
    }
    default-policy policy-name;
    traceoptions {
        file (file-name | files files | match match | no-world-readable | size size | world-readable);
        flag (all | flow | memory | pfeman);
        level;
        no-remote-trace;
    }
}
Hierarchy Level
[edit security]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Configure Cloud Access Security Broker (CASB).
CASB provides visibility into the security of your cloud applications. To use CASB on your firewalls, you must configure CASB policies and apply CASB policy rules in a security policy.
Options
| instance instance-name | CASB instance name. Configure a CASB instance with an application, instance ID, domain, and type. Creating instances for SaaS applications ensures controlled access, data security, and differentiation between corporate and non-corporate usage. |
| casb-policy policy-name | CASB policy name. Configure CASB policies to control specific actions on each cloud application. |
| default-policy policy-name | The default CASB policy that defines the actions the device takes on a packet that does not match any user-defined policy. You must set up a default CASB policy for the unified policy configuration. This default policy applies to the session until a dynamic application match occurs. Once the final application match is available for the security policy, the corresponding CASB policy is applied. If no CASB policy is explicitly configured in the final firewall policy, the CASB service disengages for the session. |
| traceoptions | (Optional) Define tracing operations for CASB functionality. |
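The following audit script is an added example, not Juniper code. It checks a saved configuration for two points made above: tracing left enabled after debugging, and a default-policy that is missing or names an undefined casb-policy. It assumes the input is "show configuration | display set" output and that the set lines follow the hierarchy shown under Syntax; all names in the sample are constructed placeholders.

```python
import shlex

# Constructed sample of "display set" output; every name is a placeholder.
SAMPLE = """\
set security casb instance corp-inst application APP-PLACEHOLDER
set security casb instance corp-inst domain example.com
set security casb casb-policy corp-policy rules r1 match application APP-PLACEHOLDER instance corp-inst
set security casb casb-policy corp-policy rules r1 then allow
set security casb casb-policy corp-policy default-rule deny
set security casb casb-policy corp-policy default-rule log-action
set security casb default-policy missing-policy
set security casb traceoptions file casb-trace world-readable
set security casb traceoptions flag all
"""


def audit_casb(display_set_text):
    """Return sorted finding codes for the [edit security] casb stanza."""
    policies, default_policy = set(), None
    tracing = world_readable = False
    for line in display_set_text.splitlines():
        tok = shlex.split(line)
        if tok[:3] != ["set", "security", "casb"] or len(tok) < 4:
            continue
        stmt, args = tok[3], tok[4:]
        if stmt == "casb-policy" and args:
            policies.add(args[0])
        elif stmt == "default-policy" and args:
            default_policy = args[0]
        elif stmt == "traceoptions":
            tracing = True
            # Exact token match, so 'no-world-readable' is not flagged.
            if args[:1] == ["file"] and "world-readable" in args[1:]:
                world_readable = True
    findings = []
    if tracing:
        findings.append("TRACE_ENABLED")            # tracing not yet disabled
    if world_readable:
        findings.append("TRACE_WORLD_READABLE")     # trace file readable by any user
    if default_policy is None:
        findings.append("DEFAULT_POLICY_MISSING")   # required for unified policy
    elif default_policy not in policies:
        findings.append("DEFAULT_POLICY_UNDEFINED") # names no configured casb-policy
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_casb(SAMPLE):
        print(finding)
```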
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 24.2R1.