
Threat Profiling Support in Security Policy

SUMMARY Read this topic to understand SRX Series Firewall support for threat feeds in the security policies.

Support for Threat Feeds in Security Policies

SRX Series Firewalls can generate, propagate, and consume threat feeds based on their own advanced detection and policy-match events.

The Juniper ATP Cloud service consolidates the feeds generated by SRX Series Firewalls and shares the duplicated results back to the security device. The security device then uses the feeds to perform actions against the designated traffic. You enable the security device to use the feeds by configuring security policies with the feeds as matching criteria. When traffic matches the policy conditions, the device applies the policy actions.

SRX Series Firewalls support the following types of threat feeds in security policies:

  • source and destination addresses
  • user source identity (user name)

Workflow for using threat feeds in security policies:

  1. In a security policy, you can add the source address, destination address, or source identity (user name) as a feed for the policy action (deny, reject, and permit rules).
  2. The policy module adds the username to the traffic’s IP address into the feed.
  3. Once the feed is created, Juniper ATP Cloud consolidates feeds from all SRX Series Firewalls in your enterprise and sends the result to the SRX Series Firewall.
  4. When you create another security policy, you can add the feed as match criteria.
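The workflow above as a configuration sketch. This is an added example, not taken from the Juniper page: the zone names, policy names, address-book entry, and feed names are constructed, and the `security-intelligence` and `source-identity-feed` statement names are assumptions to confirm against the CLI reference for your Junos release.

```junos
# Constructed decoy subnet: no legitimate client has a reason to reach it.
set security address-book global address Decoy_Net 192.0.2.0/24

# Steps 1-2: generator policy. Any session from trust to the decoy subnet is
# denied, and its source IP address is added to the feed High_Risk_Hosts.
set security policies from-zone trust to-zone dmz policy Profile_Decoy match source-address any
set security policies from-zone trust to-zone dmz policy Profile_Decoy match destination-address Decoy_Net
set security policies from-zone trust to-zone dmz policy Profile_Decoy match application any
set security policies from-zone trust to-zone dmz policy Profile_Decoy then deny application-services security-intelligence add-source-ip-to-feed High_Risk_Hosts
# Same rule, also recording the user name behind the session in a second feed.
set security policies from-zone trust to-zone dmz policy Profile_Decoy then deny application-services security-intelligence add-source-identity-to-feed High_Risk_Users

# Step 3 happens in Juniper ATP Cloud: feeds from all enrolled SRX Series
# Firewalls are consolidated and the result is sent back to each device.

# Step 4: consumer policies. The returned feeds are used as match criteria,
# so a host or user profiled on one firewall is blocked on this one too.
# Place these ahead of broader permit rules in the same zone pair.
set security policies from-zone trust to-zone untrust policy Block_Risky_Hosts match source-address High_Risk_Hosts
set security policies from-zone trust to-zone untrust policy Block_Risky_Hosts match destination-address any
set security policies from-zone trust to-zone untrust policy Block_Risky_Hosts match application any
set security policies from-zone trust to-zone untrust policy Block_Risky_Hosts then deny
set security policies from-zone trust to-zone untrust policy Block_Risky_Hosts then log session-init

set security policies from-zone trust to-zone untrust policy Block_Risky_Users match source-address any
set security policies from-zone trust to-zone untrust policy Block_Risky_Users match destination-address any
set security policies from-zone trust to-zone untrust policy Block_Risky_Users match application any
set security policies from-zone trust to-zone untrust policy Block_Risky_Users match source-identity-feed High_Risk_Users
set security policies from-zone trust to-zone untrust policy Block_Risky_Users then deny
```

A consumer policy matches nothing until the feed has been populated and returned by ATP Cloud, so confirm the feed has entries on the device before relying on the block rule.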

See Adaptive Threat Profiling Overview for more information on configuring and deploying security policies with feeds.