Juniper Security Director Cloud Getting Started

Ready. Set. Let’s go!

Juniper Security Director Cloud is a cloud-based portal that seamlessly distributes connectivity and security services to sites, users, and applications at scale. Juniper Security Director Cloud provides extensive scale, granular policy control, and policy breadth across the network.

Add Subscriptions

After you set up your Juniper Security Director Cloud account and log in for the first time, the Subscriptions page is displayed. If you've already purchased a Juniper Security Director Cloud subscription, you'll need to add it to the Juniper Security Director Cloud portal using the Subscriptions page.

You can also use the portal with a 30-day trial subscription, which is available in the portal by default. During the trial period, you can access the portal and manage up to five devices with standard security features. When the trial subscription ends, you will still be able to access the portal for the next 30 days (grace period). After the grace period is over, your account will be inaccessible, and you must create a new account before adding a purchased subscription. To purchase a subscription, reach out to your Juniper Networks sales representative or account manager, or visit the Juniper Networks Sales site.

Note:
  • You cannot purchase your subscription through the Juniper Security Director Cloud portal.

  • You can purchase your subscription(s) while still in the trial period.

After you purchase a subscription, you’ll receive an e-mail with the URL to the Juniper Security Director Cloud portal and the Software Serial Number (SSRN) to activate your subscription in the portal.

To add your purchased subscriptions to your account:

  1. Go to the Administration > Subscriptions page.

    The Subscriptions page opens.

  2. Click Add Subscriptions to open the Add New Subscriptions page.

  3. Enter the following information:

    • Name—A descriptive name for the subscription.
    • SSRN—The software serial number of the subscription that you received in your e-mail.

    If you’ve purchased multiple subscriptions, click + and enter the subscription details.

  4. Click OK.

    Juniper Security Director Cloud verifies the SSRN and activates the subscription(s). The Subscriptions page opens, displaying the newly added subscriptions.

  5. Review your subscription details to be sure everything is correct (activation state, expiration date, number of devices that you subscribed to, and so on).

Adding Devices

Note:

Ensure that your network firewall is configured in the following manner:

  • Allows access to the srx.sdcloud.juniperclouds.net FQDN.

  • Port 7804 opened.

  • Port 6514 opened for monitoring and sending security logs to Juniper Security Director Cloud.
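A preflight check for the firewall requirements above, as an added example that is not part of the Juniper documentation. The FQDN and port numbers come from the note; treating both ports as TCP is an assumption, and the function names are illustrative.

```python
import socket

# FQDN and ports come from the firewall note above. TCP is an assumption:
# the page lists the ports without naming a transport.
SDCLOUD_FQDN = "srx.sdcloud.juniperclouds.net"
REQUIRED_PORTS = (7804, 6514)  # 6514 carries monitoring and security logs


def check_port(host, port, timeout=5.0):
    """Try one outbound TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        # Name did not resolve: a DNS problem, not a port rule.
        return "dns_failure"
    except socket.timeout:
        # No answer at all: typical of a firewall silently dropping packets.
        return "timeout"
    except ConnectionRefusedError:
        # Active reset: a reject rule, or nothing listening on the far side.
        return "refused"
    except OSError:
        # No route, network unreachable, and similar local failures.
        return "unreachable"


def preflight(host=SDCLOUD_FQDN, ports=REQUIRED_PORTS, timeout=5.0):
    """Return {port: status} for every required port."""
    return {port: check_port(host, port, timeout) for port in ports}


def ready(results):
    """True only when every required port accepted a connection."""
    return bool(results) and all(s == "open" for s in results.values())


if __name__ == "__main__":
    results = preflight()
    for port, status in sorted(results.items()):
        print(f"{SDCLOUD_FQDN}:{port} -> {status}")
    raise SystemExit(0 if ready(results) else 1)
```

Run it from a host that sits behind the same firewall as the SRX devices, so the connection attempts traverse the same rules the devices will.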

There are multiple ways to add devices to the Juniper Security Director Cloud portal. Choose the method that's right for you:

  • Add Devices Using Commands. Juniper Security Director Cloud generates commands for adding a device or device cluster. You can copy the commands and paste them into the device console. When you commit the commands to the device, Juniper Security Director Cloud discovers and adds the device or device cluster to the cloud. See Add Devices Using Commands for details.

  • Add Devices With Zero Touch Provisioning. With Zero Touch Provisioning (ZTP) you can configure and provision devices automatically. You can use ZTP to add devices for Junos OS Release 18.4R1 on SRX300, SRX320, SRX340, SRX345, SRX550 HM, and SRX1500 SRX Series devices and Junos OS Release 20.1R1 on SRX380 devices. See Add Devices Using Zero Touch Provisioning for details.

  • Add Devices Using J-Web. This feature is supported from J-Web Release 21.3R1 and later. See Add an SRX Series Device to Juniper Security Director Cloud in the J-Web User Guide for SRX Series Devices for details.

  • Add Devices from Security Director. This feature is supported from Security Director Release 21.3R1 and later. See Add Devices to Security Director Cloud in the Security Director User Guide for details.

Add Devices Using Commands

To add devices using commands:

  1. Select SRX > Device Management > Devices to open the Devices page.

  2. Click Add Devices to open the Add Devices page.

  3. Click Adopt SRX Devices.

  4. Juniper Security Director Cloud allows you to add individual devices or device clusters.

    • Select SRX Devices to add individual devices.
    • Select SRX Clusters to add device clusters.

  5. Enter the number of devices or device clusters that you want to add to Juniper Security Director Cloud in the Number of SRX devices to be adopted field and click OK.

    A message appears confirming that the new device or device cluster is added. The Devices page appears with the newly added device or device cluster listed in the table.

    Note:

    At this point, the device or device cluster is not yet added to Juniper Security Director Cloud, so the Connection Status of the device(s) or device cluster(s) that you just added is displayed as Discovery Not Initiated.

  6. On the Devices page, in the Connection Status column for the new device, click the Adopt Device link. If you are adding a device cluster, click the Adopt Cluster link.

    The Adopt Devices page appears with the commands that you need to commit to the device.

  7. Copy the commands, paste them at the edit prompt of your device, and press Enter to run the commands. If you want to add a device cluster, paste these commands to the CLI of the primary device of the cluster.

  8. Type commit and press Enter to commit the changes to the device.

    When you commit the commands to the device, the device discovery process starts in Juniper Security Director Cloud. You can refresh the Devices page and see the status Discovery in progress in the Connection Status column.

    You can view the status of the device adding process by going to the Administration > Jobs page.

If the device adding process is successful, the Connection Status changes to Up. If the process fails, the Connection Status will change to Discovery failed. You can see the reason for the failure by hovering over the Discovery failed message.

Add Devices Using Zero Touch Provisioning

Zero Touch Provisioning (ZTP) enables you to configure and provision devices automatically, and thus reduces the manual intervention required for adding devices to a network.

ZTP is supported for the following Junos OS releases:

  • Junos OS Release 18.4R1 on SRX300, SRX320, SRX340, SRX345, SRX550 HM, and SRX1500 SRX Series devices.
  • Junos OS Release 20.1R1 on SRX380 devices.

Note:

If you want to add devices other than the models mentioned here to Juniper Security Director Cloud, configure the basic device settings and connectivity, and add the device using Add Devices Using Commands.

Here’s how to add device(s) to your Juniper Security Director Cloud account using ZTP.

  1. Power on the device(s) that you want to add to Juniper Security Director Cloud using ZTP.

  2. Log in to Juniper Security Director Cloud.

  3. Select SRX > Device Management > Devices to open the Devices page.

  4. Click Add Devices to open the Add Devices page.

  5. If you want to manually enter the device(s) details, click Register SRX Devices for ZTP.

    1. Enter the serial number and root password of the device you want to add.
      Note:

      Ensure that you enter the unique serial number for each device.

    2. If you want to add multiple devices, click + and provide the device details.
    3. If you are adding multiple devices and want to use the same root password for all devices, select the Use this password for all devices option for Device 1.
    4. Click OK.

  6. If you want to upload device(s) information as a CSV file, click Register SRX Devices for ZTP > Upload CSV File, browse for the CSV file that you want to upload, and click OK.

The device(s) are added to Juniper Security Director Cloud. You can see the device(s) on the Device Management > Devices page.

Associate Your Device with a Device Subscription

You'll need to associate each device to your Juniper Security Director Cloud subscription (or multiple subscriptions) in order to start managing those devices through the Juniper Security Director Cloud portal.

To associate your device with the device subscription:

  1. Select SRX > Device Management > Devices to open the Devices page.

    For devices that do not have subscriptions, the Subscriptions column displays No subscription.

  2. Select the device, and click Manage Subscriptions. The Manage Subscriptions page opens.

  3. Choose the device subscription to associate with the device.

    Note:

    If you are using a trial subscription, then select Trial from the list.

  4. Click OK.

The device is associated with the subscription. You can see the details of the subscription on the Devices page.

After associating your device with a device subscription, you cannot remove the device subscription. However, you will be able to transfer the device subscription to another device. The device subscription is freed up if you delete the device from the Devices page.

Create Addresses or Address Groups

Addresses and address groups are used in firewall and NAT services. After you create an address, you can combine it with other addresses to form an address group. Address groups are useful when you want to apply the same policy to multiple services.

To create an address or address group:

  1. Select Shared Objects > Objects > Addresses.

    The Addresses page appears.

  2. Click the plus icon (+). The Create Addresses page appears.

  3. Complete the configuration settings according to the guidelines.

  4. Click OK.

A new address or address group is created. You can use this object in firewall or NAT policies.

Add Application Signatures

You can add custom application signatures for applications that are not included in the Juniper Networks predefined application database. When you add custom application signatures, give each one a unique and relevant name so that your application signatures are unique.

To create a custom application signature:

  1. Select Shared Objects > Objects > Applications.

  2. Click Create > Signature.

    The Create Application Signature page appears.

  3. Complete the configuration settings according to the guidelines.

  4. Click OK.

A new application signature with your configurations is created.

Create and Deploy a Security Policy

A security policy enforces rules for transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on traffic as it passes through the firewall.

To create a firewall policy:

  1. Select SRX > Security Policies > Security Policies. The Security Policy page appears.

  2. Click the plus icon (+). The Add Security Policy page appears.

  3. Complete the configuration settings according to the guidelines.

  4. Click OK.

The new firewall policy is created and a confirmation message is displayed.

To deploy a security policy:

  1. Select SRX > Security Policies > Security Policies. The Security Policy page appears.

  2. Select one or more policies and click Deploy.

    The Deploy page appears.

  3. In Deployment Time options, select Run Now to deploy the policy immediately, or select Schedule at a later time and specify the date and time at which the policy should be deployed.

  4. Click Deploy.

Enable Security Logs

Configure security logging for devices. When you configure security logging for a device, it streams security logs (monitoring and reporting data) to Juniper Security Director Cloud.

To configure security logging for a device:

  1. Select SRX > Device Management > Devices to open the Devices page.

  2. Click Enable Security Logs.

    The Enable Security Logs page appears displaying all the devices.

  3. Select the device or device cluster for which you want to enable security logging and click the edit icon (✎) on the top-right side of the page.

  4. Enable Security Log Status for the device or device cluster.

  5. Select the source interface from the drop-down and click (✔).

    If you have not configured security logging for all the devices or device clusters, a message appears asking you whether you would like to configure security logging for the rest of the devices.

  6. Click Yes to go ahead with the process. Click No to stop the process and configure security logging for other devices or device clusters of your choice.

    If you click Yes, the job is created to push the syslog configuration to the device or device cluster. When the job completes, security logging is configured for the device or device cluster.

Create a NAT Policy

To create a NAT policy:

  1. Select SRX > NAT > NAT Policies. The NAT Policies page appears.

  2. Click the add icon (+). The Create NAT Policy page displays fields required for creating and configuring a NAT policy.

  3. Complete the configuration settings according to the guidelines.

  4. Click OK to save the changes.

A NAT policy with the configuration you provided is created.

Create Advanced Security Profiles

Provide advanced security protection by creating unified threat management (UTM), intrusion prevention system (IPS), or Secure Sockets Layer (SSL) profiles and using them in firewalls.

Create a UTM Profile

To create a UTM profile:

  1. Select Security Subscriptions > UTM > UTM Profiles. The UTM Profiles page appears.

  2. Click the add icon (+) to create a new UTM profile. The Create UTM Profiles wizard appears, displaying brief instructions about creating a UTM profile.

  3. Complete the configuration settings according to the guidelines.

  4. Click Finish.

A UTM profile is created. You are returned to the UTM Profiles page where a confirmation message is displayed. After you create a UTM profile, you can assign it to a security policy rule on the Security Policy page.

Create an IPS Profile

To create an IPS profile:

  1. Select Security Subscriptions > IPS > IPS Profiles. The IPS Profiles page appears.

  2. Click the add icon (+) to create a new IPS profile. The Create IPS Profile page appears.

  3. Complete the configuration settings according to the guidelines.

  4. Click OK.

You are returned to the IPS Profiles page and a confirmation message is displayed indicating that the IPS profile is created. After you create an IPS profile, you can add one or more IPS or exempt rules to the profile, and use the IPS profile in a firewall policy intent.

Create a Decrypt Profile

To create a Decrypt profile:

  1. Select Security Subscriptions > Decrypt > Decrypt Profiles. The Decrypt Profile page appears.

  2. Click the add icon (+) to create a Decrypt profile. The Create Decrypt Profiles page appears.

  3. Complete the configuration settings according to the guidelines.

  4. Click OK.

A Decrypt profile is created. You are returned to the Decrypt Profiles page where a confirmation message is displayed.