July 01, 2022 Release

Dashboard

Secure Edge dashboard—You can use the following Secure Edge widgets in the user-configurable Security Director Cloud dashboard to get a customized view of the status of network services:

• C&C Server and Malware Source Locations

• Top Infected File Categories

• Top Scanned File Categories

• Top Malware Identified

• Top Compromised Hosts

• VPN Tunnel Status

• Devices Connection Status

• Devices by OS Version

• Devices by Platforms

• Device Subscriptions Status

• Device Management Entitlements

• Overall Storage

• Threat Map: IPS

• Threat Map: Virus

• Firewall: Top Denials

• Firewall: Top Events

• IP: Top Sources

• IP: Top Destinations

• NAT: Top Source Translations

• NAT: Top Destination Translations

• Top Source IPs by Volume

• Virus: Top Blocked

• Web Filtering: Top Blocked

• Applications: Most Sessions

• Top Applications by Volume

• Top Spam by Source

• IPS: Top Attacks

• Top 5 Users by Bandwidth

• Top 5 Service Locations by Users

• Top 3 Sites by Bandwidth

• Top 3 Service Locations by Bandwidth

• Top 5 Sites by Users

• Overview

• Monitored Tunnels Up/Down

• Total Service Locations

[See About the Dashboard.]

Monitor

• View site tunnel status—You can view the status of the configured tunnels between sites and service locations. [See About the Site Tunnel Status Page].

• View service location status—You can view the status of all the service locations, the users in a location, the bandwidth consumed by the users, and the available storage. [See About the Service Locations Monitor Page].

• View ATP status—You can monitor the status of compromised hosts, malicious threat sources, suspicious file downloads, Domain Name System (DNS) Domain Generation Algorithm (DGA) detections, tunnel detections, encrypted traffic insights, quarantined e-mail, blocked e-mail, and telemetry of blocked Web and e-mail files in Juniper Advanced Threat Prevention Cloud (ATP Cloud).

  [See Hosts Overview, DNS DGA and Tunneling Detection Details, Encrypted Traffic Insights Details, and Telemetry Overview.]

• Generate, view, and download ATP reports—You can generate ATP Cloud threat assessment reports in PDF format and run the report on-demand or at scheduled intervals. The report consists of a list of malware, C&C Server destinations, hosts with malicious activities, suspicious domains and URLs, high-risk user data, and actions taken on scanned e-mail.

  [See About the ATP Report Definition Page and About the ATP Generated Reports Page.]

• View end user authentication logs—You can view the details of the logs that are generated while authenticating on-premises and roaming users.

  [See Monitor End User Authentication Logs.]

Secure Edge

• Service locations—You can create, edit, and delete a point of presence (POP) location for a Juniper Secure Edge instance. The service location is the connection (access) point for both on-premises and roaming users. The number of users specified for a service location indicates Secure Edge the capacity that it needs to provision for. [See About the Service Locations Page.]

• Sites—You can create, edit, and delete sites. You can also view and manage the configuration of existing sites. A site is a customer location such as a branch or office. Some or all of the Internet-bound traffic from customer sites may be forwarded to the Juniper Secure Edge cloud through GRE or IPsec tunnels from CPE devices at the site. You can create the following types of sites:

  • GRE
  • IPsec Static
  • IPsec Dynamic

  [See About the Sites Page.]

• IPsec profiles—You can view, create, edit, and delete IPsec profiles. IPsec profiles define the parameters with which an IPsec tunnel is established when the CPE devices start communicating with your Secure Edge solution in the cloud. [See About the IPsec Profiles Page.]

• Manage Secure Edge policies—You can specify what actions to take for specific sets of traffic by using a Secure Edge policy. You can view and manage the policy rules associated with the tenants. [See About the Secure Edge Policy Page].

• Web filtering profiles—You can view, create, edit, and delete Web filtering profiles. Web filtering enables you to manage Internet usage by preventing access to inappropriate Web content over HTTP. [See About the Web Filtering Profiles Page.]

• Content filtering policies—You can view, edit, and delete content filtering policies. Content filtering policies block or permit certain types of traffic over several protocols, such as HTTP, FTP upload and download, IMAP, SMTP, and POP3, based on the MIME type, file extension, protocol command, and embedded object type. [See About the Content Filtering Policies page.]

• DNS security profiles—You can configure a DNS security profile for Domain Generation Algorithm (DGA) detection and tunnel detection. DNS DGA generates random domain names that are used as rendezvous points with potential command and control servers. Tunnel detection detects DNS tunneling which is a cyberattack method that encodes the data of other programs or protocols in DNS queries and responses. Tunnel detection indicates that DNS traffic is likely to be subverted to transmit malware beaconing data or data of another protocol. [See Create a DNS Security Profile.]

• Encrypted traffic insights profiles—You can configure an encrypted traffic insights profile that detects malicious threats hidden in encrypted traffic without intercepting and decrypting the traffic. [See Create an Encrypted Traffic Insights Profile.]

• PAC files—You can download the proxy auto configuration (PAC) files, clone the configuration files, and edit the cloned files. A web browser uses information from the PAC file to know where to direct the traffic for a URL. Depending on the PAC file configuration, the traffic destination can be a proxy server or a real content server. [See About the PAC Page.]

• Explicit proxy profiles—You can configure an explicit proxy profile that Juniper Secure Edge can use to determine which port to listen to for the client-side traffic and which traffic to decrypt or bypass. [See Configure an Explicity Proxy Profile.]

• Decrypt profiles—You can configure decrypt profiles. The configuration enables a decrypt profile to function as an application service within a security policy. [See About the Decrypt Profiles Page.]

• JIMS Collector—You can onboard JIMS Collector in Juniper Secure Edge. Juniper Identity Management Service (JIMS) is a standalone service application that runs on Microsoft Windows. JIMS Collector collects and maintains a large database of user, device, and group information from Active Directory domains or system log services. Juniper Secure Edge supports JIMS Collector Release 1.5 or later. [See Juniper Identity Management Service Overview.]

• IPS profiles—You can configure an intrusion prevention system (IPS) profile that enables you to selectively enforce various attack detection and prevention techniques on network traffic passing through a device. You can create IPS rules or exempt rules for customized IPS profiles.

  [See About IPS Policies.]

• SecIntel profiles—You can configure Security Intelligence (SecIntel) profiles to work with security intelligence feeds, such as C&C, DNS, and infected hosts. SecIntel provides carefully curated and verified threat intelligent feeds that’s continuously collected from Juniper Advanced Threat Prevention (ATP) Cloud, Juniper Threat Labs, dynamic address groups (DAGs), and industry-leading threat feeds to the Juniper Networks MX Series, SRX Series, EX Series, QFX Series, and NFX Series devices and Juniper's wireless access points (WAPs). SecIntel delivers real-time threat intelligence by enabling automatic and responsive traffic filtering.

  [See About SecIntel Profiles.]

• Antimalware profiles—You can configure anti-malware profiles that define the content to scan for any malware and the action to be taken when a malware is detected.

  [See About Anti-malware Profiles.]

• Certificate management—You can configure TLS/SSL certificates that are used to establish secure communications between Juniper Secure Edge and user endpoints. The certificates may be signed by your own Certificate Authority (CA) or by Juniper's CA. You can create a new certificate signing request (CSR) to generate a new certificate or you can have Juniper create a new certificate.

  [See About the Certificate Management Page.]

• End-user authentication—You can configure various authentication methods to authenticate end users. If you are a roaming user, you can configure:

  • Hosted DB—User database hosted on Secure Edge
  • SAML—Identity provider (IdP) through the Security Assertion Markup Language (SAML) 2.0 protocol
  • LDAP—Lightweight Directory Access Protocol (LDAP) servers

  Roaming users are authenticated in the following order: hosted DB, SAML, LDAP.

  If you are an on-premises user, you can use Juniper Identity Management System (JIMS) for authentication.

  [See About the End User Authentication Page.]

Shared Services

• GeoIP—IP-based geolocation (GeoIP) is the method of locating a computer terminal's geographic location by identifying that terminal's IP address. By mapping an IP address to the sources of attack traffic, geographic regions of origin can be determined, giving you the ability to filter traffic to and from specific locations in the world. Using Juniper Security Director Cloud, you can create, modify, or delete the GeoIP feeds. You can use the GeoIP feeds in security policy to deny or allow traffic based on source or destination IP address.

  [See Create a GeoIP Feed in the Juniper Security Director Cloud User Guide.]

• Variable Address—A variable is useful when you want to apply similar rules across devices where only the address might differ. Instead of using static values, you can use variables to create fewer rules and use them more widely. You can achieve this by creating and configuring a variable address for all devices to which you are applying a group policy. [See Variable Address Overview in the Juniper Security Director Cloud User Guide.]

• Juniper Advanced Threat Prevention Cloud—You can configure the following ATP features:

  • File inspection profiles—You can define which files to send to the cloud for inspection. You can group types of files to be scanned together (such as <file>.tar, <file>.exe, and <file>.java) under a common name and create multiple profiles based on the content you want scanned.

    [See File Inspection Profiles Overview.]

  • Allowlists—You can configure an allowlist that contains known trusted IP addresses, hash, e-mail addresses, and URLs. Content downloaded from locations on the allowlist does not need to be inspected for malware.

    [See Create Allowlists and Blocklists.]

  • Blocklists—You can configure a blocklist that contains known untrusted IP addresses and URLs. Access to locations on the blocklist is blocked, and therefore no content can be downloaded from those sites.

    [See Create Allowlists and Blocklists.]

  • SecIntel feeds—You can configure SecIntel feeds for domains, IP addresses and URLs that are known to be connected to malicious activities. SecIntel provides carefully curated and verified threat intelligent feeds that’s continuously collected from Juniper Advanced Threat Prevention (ATP) Cloud, Juniper Threat Labs, dynamic address groups (DAGs), and industry-leading threat feeds.

    [See SecIntel Feeds Overview.]

  • Miscellaneous features—You can configure these additional Juniper ATP Cloud features:
    • Infected hosts—You can set the global threat level to block infected hosts. You can configure Juniper ATP Cloud to send e-mails when certain threat levels are reached for infected hosts.

      [See Global Configuration for Infected Hosts.]

    • Logging—You can select the event types that you want to log for the devices in your realm. The devices in your realm use the event logs to generate system logs (syslogs).

      [See Enable Logging.]

    • Threat intelligence sharing—You can enable Trusted Automated eXchange of Intelligence Information (TAXII) to report and share threat intelligence. You can configure the threshold for threat intelligence sharing. TAXII uses only those files that meet or exceed the set threshold.

      [See Configure Threat Intelligence Sharing.]

    • Proxy servers—You can add trusted proxy server IP addresses to Juniper ATP Cloud. If there is a proxy server between users on the network and a firewall, the firewall might see the proxy server IP address as the source of an HTTP or HTTPS request instead of the actual address of the user making the request.

      [See Configure Trusted Proxy Servers.]

Administration

• Subscriptions—You can add and manage subscriptions for SRX Series Firewalls, Juniper Secure Edge, and storage space. [See Subscriptions.]

• Support for Customizing Organization Settings—You can now customize the organizations to automatically import devices, automatically delete disabled rules, automatically delete unused addresses and services, track the number of times security policies are applied on traffic flow, configure import of unnumbered VPN tunnels, and set the number of configuration snapshots to save for each device.

  [See About the Organization Page in the Juniper Security Director Cloud User Guide.]

• ATP Mapping—You can map a security realm in Juniper ATP Cloud to Juniper Secure Edge in order to access all features from Juniper ATP Cloud.

  [See About the ATP Mapping Page.]

• ATP Audit Log—You can use the ATP Audit Logs page to view information about the login activity and specific tasks that were completed successfully using the Juniper ATP Cloud Web Portal. Audit log entries include details about user-initiated tasks, such as the username, task name, task details, and date and time of execution of the task. You can view audit logs for a specific time span, search and filter for audit logs, and export audit logs in comma-separated values (CSV) format.

  [See About the ATP Audit Logs Page.]