Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud)

  • Support for username feed type in adaptive threat profiling (SRX Series devices and vSRX)—Starting in Junos OS Release 21.1R1, you can add the user source identity (username) as a feed type in adaptive threat profiling. Use the add-source-identity-to-feed user-identity and add-destination-identity-to-feed user-identity commands at the [edit security policies from-zone zone-name to-zone zone-name policy policy-name then [permit|deny|reject] application-services] hierarchy level to configure the username feed type.

    [See security-intelligence (security policies), show services security-intelligence sec-profiling-feed status and show services security-intelligence category.]

  • Support for Juniper ATP Cloud services in VXLAN tunnel inspection (SRX4000 line of devices, SRX5000 line of devices, and vSRX)—Starting in Junos OS Release 21.1R1, the listed SRX Series devices and vSRX support Juniper ATP Cloud services such as AAMW and SecIntel in VXLAN tunnel traffic inspection. These services inspect the VXLAN traffic only if there is a security policy configured to perform the inspection. When you configure VXLAN tunnel inspection policies on an SRX Series device, the device scans the VXLAN tunnel traffic through AAMW and SecIntel services.

    [See tunnel-inspection and show security flow session.]

  • Policy-based threat profiling (SRX Series devices and vSRX)—Starting in Junos OS Release 21.1R1, you can add the user source identity (username) to a security policy to generate security feeds.

    The Juniper ATP Cloud service consolidates the generated feeds from the SRX Series device and shares the duplicated results back with that security device. The security device uses the feeds to perform actions against the designated traffic. You can enable the security device to use the feeds by configuring security policies with the feeds as matching criteria. When traffic matches the policy conditions, the device applies the policy actions.

    [See Threat Profiling Support in Security Policy.]