Use Case 4: Application Visibility
SUMMARY Network administrators can choose between three different views to see how applications and users are affecting the network, observe bandwidth utilization levels, or determine the number of sessions created. Granular usage details, such as which applications are the riskiest, can be viewed. Top talkers are easy to identify and remediate. Different time frames can also be compared to determine when utilization is typically at its peak. Using Actionable Intelligence, administrators can select one or more applications or user/user groups from the Application Visibility or User Visibility charts, then simply select “Block.” Security Director automatically creates the requested rule or rules and deploys them in the optimal location within the rules base, avoiding any anomalies and taking the guesswork out of managing the application and user environment.
Benefits
Delivers greater visibility, enforcement, control, and protection over the network.
Before You Begin
Install Security Director and Log Collector. See Security Director Installation and Upgrade Guide.
Ensure that the SRX Series device runs Junos OS Release 18.2 or later.
Although this use case has been specifically validated against Junos Space Security Director Release 19.3 and an SRX Series device running Junos OS Release 18.2, you can use Junos OS Release 18.2 or later.
Only mandatory fields and other required fields are included in the procedures in this use case.
Overview
In the following topology, we have an enterprise local area network behind a Layer 2 switch. The switch is connected to an SRX Series firewall that has IPS enabled and inspects all the traffic traveling in and out of the network. The SRX Series device can be in any form: hardware, virtual, or containerized.
Block an Application
Let’s block an application called “UNKNOWN”: