Step 2: Up and Running
Now that you've installed Security Director and Security Director Insights as the log collector, let’s do some initial configuration so you can start managing the security devices on your network. In this section, you’ll learn how to add a log collector to Security Director so you can view the log data. Next, we’ll show you how to create device discovery profiles and how to discover the security devices on your network. After the security devices are discovered, you can configure basic network settings for them, assign addresses, and set firewall policies. You’ll then learn how to configure Juniper ATP Cloud or ATP Appliance with Policy Enforcer.
Add Security Director Insights as a Log Collector
To use the log collector functionality that comes with Security Director Insights, you need to add the IP address of the Security Director Insights VM and enable it as the log collector. By default, the Security Director log collector is disabled, so you'll need to enable it and set the administrator password before you add the log collector node in the GUI.
- Enable Log Collector
- Add Security Director Insights VM as the Log Collector Node
- Configure Log Collector Settings in Junos Space Network Management Platform
Enable Log Collector
Add Security Director Insights VM as the Log Collector Node
To add the Security Director Insights VM IP address as a log collector node:
Configure Log Collector Settings in Junos Space Network Management Platform
- The log collector in Security Director Insights supports up to 25K eps.
- Disable the raw log:
  user:Core#(applications)# set log-collector raw-log off
- Make sure that the SRX Series Firewall configuration points to the corresponding SDI log collector.
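One way to check that last point across exported device configurations, as an added example that is not part of the original guide: it parses the output of `show configuration security log | display set` from an SRX Series Firewall and reports whether an active log stream targets the collector. The stream names and 192.0.2.x addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# "set security log stream <name> host <address>" in display-set output
STREAM_HOST = re.compile(r"^set security log stream (\S+) host (\S+)")
# A whole stream that was deactivated shows up as a "deactivate" line
DEACTIVATED = re.compile(r"^deactivate security log stream (\S+)\s*$")

# Constructed sample: one active stream pointing at the collector
SAMPLE_OK = """\
set security log mode stream
set security log source-address 192.0.2.1
set security log stream sdi-lc format sd-syslog
set security log stream sdi-lc host 192.0.2.50
"""

# Constructed sample: the collector stream exists but is deactivated
SAMPLE_STALE = """\
set security log mode stream
set security log stream old-lc host 192.0.2.99
set security log stream sdi-lc host 192.0.2.50
deactivate security log stream sdi-lc
"""


def active_stream_hosts(config_text):
    """Return {stream_name: ip_address} for streams that are not deactivated."""
    hosts, inactive = {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        m = STREAM_HOST.match(line)
        if m:
            try:
                hosts[m.group(1)] = ipaddress.ip_address(m.group(2))
            except ValueError:
                pass  # value is not a literal address, so it cannot be compared
            continue
        m = DEACTIVATED.match(line)
        if m:
            inactive.add(m.group(1))
    return {name: ip for name, ip in hosts.items() if name not in inactive}


def points_to_collector(config_text, collector_ip):
    """True if at least one active stream sends logs to collector_ip."""
    target = ipaddress.ip_address(collector_ip)
    return target in active_stream_hosts(config_text).values()


if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("stale", SAMPLE_STALE)):
        print(label, points_to_collector(cfg, "192.0.2.50"))
```

A device that fails the check is still logging somewhere else or not at all, so its events will be missing from the Security Director views that depend on the collector.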
Watch and learn how to add the log collector as a special node using Security Director Log Collector.
Add a JSA Log Collector Node to Security Director
Let’s add a JSA log collector node to Security Director to view the log data on the Dashboard, Events and Logs, Reports, and Alerts pages.
When the configuration is complete, the log collector node is shown with an active status on the Logging Nodes page.
Watch and learn how to add the log collector as a special node using JSA Log Collector.
Create a Device Discovery Profile
Here's how to create a device discovery profile:
Discover Devices
Now, let's discover devices with the device discovery profile you just created.
- Select Devices > Device Discovery to open the Device Discovery page.
- Select the device discovery profile and click Run Now to trigger the device discovery job.
- Click OK to return to the Device Discovery page.
Watch and learn how to discover devices in Security Director.
Modify the Configuration of Security Devices
If you need to modify the configuration of one or more security devices, here's how:
Create Addresses
Now, let's create addresses to use in firewall policies and apply them to SRX Series Firewall.
Watch and learn how to create addresses in Security Director.
Create a Firewall Policy
Here's how to create a firewall policy:
Watch and learn how to create a standard firewall policy in Security Director.
Assign Policies to Domains
To enable a firewall policy, you'll need to assign it to a domain. You can assign only one policy at a time to a domain. Security Director validates the domain assignment. If the assignment is not acceptable, it displays a warning message.
Assign Devices to a Policy
Now that you've assigned a policy or policies to a domain, let’s assign devices to the policy.
Publish and Update Policies on Devices
Now you're ready to apply your firewall policies to the security devices on your network.
Configure Juniper ATP Cloud or ATP Appliance with Policy Enforcer
If you’re using Policy Enforcer with Security Director, you’ll need to configure Juniper ATP Cloud or Juniper Advanced Threat Prevention (JATP). You’ll need a Juniper ATP Cloud license and a Juniper ATP Cloud account for three of the configuration types (ATP Cloud or ATP Appliance with Juniper Connected Security, ATP Cloud or ATP Appliance, and Cloud Feeds only), but not for the default mode (No Selection). If you don’t have an ATP Cloud license, contact your local sales office or Juniper Networks partner to place an order for an ATP Cloud premium or basic license.
Here's how to do the initial configuration of Juniper ATP Cloud or ATP Appliance: