Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud)

  • Server Message Block (SMB) protocol support for Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud) file inspection (SRX Series)—Starting in Junos OS Release 21.1R1, SRX Series devices support the SMB protocol in advanced anti-malware (AAMW) file inspection. Use the set services advanced-anti-malware policy policy-name smb command to configure file inspection for the SMB protocol.

    [See advanced-anti-malware policy and show services advanced-anti-malware statistics.]

  • Support for configuring DNS sinkhole (SRX5000 line of devices)—Starting in Junos OS Release 21.1R1, we support the DNS sinkhole feature on the SRX5000 line of devices, in addition to the existing support on the SRX4000 line of devices and vSRX. You can configure DNS filtering to identify DNS requests for disallowed domains. You can either:

    • Block access to the domain by sending a DNS response that contains the IP address or fully qualified domain name (FQDN) of a sinkhole server. This ensures that when the client attempts to send traffic to the disallowed domain, the traffic instead goes to the sinkhole server.
    • Log the DNS request and reject access.

    [See dns-filtering.]

  • Support for username feed type in adaptive threat profiling (SRX Series devices and vSRX)—Starting in Junos OS Release 21.1R1, you can add the user source identity (username) as a feed type in adaptive threat profiling. Use the add-source-identity-to-feed user-identity and add-destination-identity-to-feed user-identity commands at the [edit security policies from-zone zone-name to-zone zone-name policy policy-name then [permit|deny|reject] application-services] hierarchy level to configure the username feed type.

    [See security-intelligence (security policies), show services security-intelligence sec-profiling-feed status and show services security-intelligence category.]

  • Enhancements to alerts, alarms, and fallback options (SRX Series)—Starting in Junos OS Release 21.1R1, we've made the following enhancements to alerts, alarms, and fallback options for failure conditions when you enroll SRX Series devices with Juniper ATP Cloud:

    • New SNMP traps for the following:
      • Advanced anti-malware (AAMW)—jnxJsAAMWChannelUp and jnxJsAAMWChannelDown.
      • Encrypted traffic insights—jnxJsSMSChannelUp and jnxJsSMSChannelDown.
      • Security intelligence (SecIntel)—jnxJsSecIntelChannelUp and jnxJsSecIntelChannelDown.
    • New alarms for AAMW, encrypted traffic insights, and SecIntel.
    • New fallback options for action control in case of failure conditions. Configure the fallback options at the [edit services advanced-anti-malware policy policy-name] hierarchy level.

    [See advanced-anti-malware policy.]

  • Support for Juniper ATP Cloud services in VXLAN tunnel inspection (SRX4000 line of devices, SRX5000 line of devices, and vSRX)—Starting in Junos OS Release 21.1R1, the listed SRX Series devices and vSRX support Juniper ATP Cloud services such as AAMW and SecIntel in VXLAN tunnel traffic inspection. These services inspect the VXLAN traffic only if there is a security policy configured to perform the inspection. When you configure VXLAN tunnel inspection policies on an SRX Series device, the device scans the VXLAN tunnel traffic through AAMW and SecIntel services.

    [See tunnel-inspection and show security flow session.]

  • Policy-based threat profiling (SRX Series devices and vSRX)—Starting in Junos OS Release 21.1R1, you can add the user source identity (username) to a security policy to generate security feeds.

    The Juniper ATP Cloud service consolidates the generated feeds from the SRX Series device and shares the duplicated results back with that security device. The security device uses the feeds to perform actions against the designated traffic. You can enable the security device to use the feeds by configuring security policies with the feeds as matching criteria. When traffic matches the policy conditions, the device applies the policy actions.

    [See Threat Profiling Support in Security Policy.]