October 07, 2023 Release
Juniper Security Director Cloud New Features: October 07, 2023
General
Global search—You can use the advanced search navigation aid on the top bar of the Juniper Security Director Cloud interface to search for:
-
CASB profiles and rules
-
Configuration templates
-
Content security (antispam, antivirus, anti-malware, content filtering, and web filtering profiles)
-
Extranet devices
-
Decrypt profiles
-
Identity management (JIMS, Active Directory, Access profiles, and Address pools)
-
Intrusion prevention system (IPS) profiles and signatures
-
IPsec VPNs and profiles
-
NAT policies and pools
-
Security Intellience (SecIntel) profiles and groups
-
Software images
-
Users and user roles
[See Using Navigational Elements.]
Monitor
Rule Analysis report—You can create a Rule Analysis report that contains information about the anomalies that Juniper Security Director Cloud detects in security policies after an analysis of the rules. You can use the charts in the Rule Analysis report to present the anomaly information. [See Create Rule Analysis Report Definitions.]
Network Operations report—You can create a Network Operations report that contains information about the top 10 source countries and the top 10 destination countries from where traffic is allowed and blocked from your network. The report categorizes the information based on the number of sessions of network traffic and the bandwidth usage. You can use the charts in the Network Operations report to present information about the top 10 source and top 10 destination countries.[See Create Network Operations Report Definitions.]
User URL report—You can create a user-specific User URL report that contains information about the top 10 URLs the user visited and the date and time when the user visited the URLs. The report also contains information about the risky URLs the user visited, the categories of the URLs, and an assessment of the bandwidth usage. You can use the charts in the User URL report to present information about the URLs the user visited. [See Create URLs Visited Per User Report Definitions.]
Top Talkers report—You can create a Top Talkers report that contains information about the top 10 source IP addresses and the 10 destination IP addresses users visited. The report categorizes the information based on the number of sessions and the bandwidth the sessions consumed. The report also contains information about the top 10 users who initiated the maximum number of Web sessions and consumed the maximum amount of bandwidth. You can use the charts in the Top Talkers report to present information about the top 10 source IP addresses, the top 10 destination IP addresses, and the top 10 users.[See Create Top Talkers Report Definitions.]
SRX
If you have configured and not deployed basic settings, zones, static routing, and routing instances in earlier versions of Juniper Security Director Cloud, you must reconfigure the settings in the corresponding sections in the Junos Detailed Configurations tab and deploy on the device.
Junos Detailed Configurations—Use the Junos Detailed Configuration tab to configure Junos OS properties for an SRX Series Firewall. You can configure interfaces, general routing information, routing protocols, user access, and some system hardware properties. [See About the Devices Page.]
Support for out-of-band device configuration changes—Out-of-band device configuration changes are the changes you make using any method other than Juniper Security Director Cloud. For example, device configuration changes you make using the device commands are out-of-band changes. You can now view a list of all out-of-band changes for a device by using Juniper Security Director Cloud. You can accept or reject the out-of-band changes to synchronize the device with Juniper Security Director Cloud.[See Resolve Out-of-Band Changes.]
Create groups of devices—Device groups are useful to deploy configurations on the devices in bulk. You can create logical groups of devices that you can configure similarly. [See About the Devices Page.]
Create preprovision profiles—Preprovision profiles contain a predefined set of policies that Juniper Security Director Cloud deploys on devices while onboarding the devices. Preprovision profiles are especially useful when you want to deploy policies on multiple devices and device groups. You can use preprovision profiles to automatically deploy a set of policies on devices. [See About the Devices Page.]
Configure IPS sensor settings—You can use the IPS sensor to capture data packets in the form of packet capture (.pcap) files. You can now use Juniper Security Director Cloud only to configure your device to send the packet capture files to an external server. You cannot store these files on Juniper Security Director Cloud. [See Capture IPS Data Packets of Devices.]
Dashboard
CASB widgets support—You can use the CASB dashboard widget to view and monitor the usage of cloud applications on the Juniper Security Director Cloud. You can drag the following CASB-related widgets from the top of the dashboard to your workspace, where you can add, remove, and rearrange the widgets:
-
Sanctioned & Unsanctioned Applications
-
Top Applications by Volume
-
Applications: Most Sessions
-
Application Instance Categories
-
Sanctioned & Unsanctioned Application Instances
-
Application Summary
[See About the Dashboard.]
Shared Services
Merge duplicate addresses—Multiple users create various objects in a network, which sometimes results in the creation of duplicate objects, such as duplicate addresses. You can use the duplicate address detection feature to find duplicate addresses and merge the addresses into one address object. [See About the Addresses Page.]
Replace addresses in bulk—Managing addresses in your network efficiently requires you to frequently update the addresses. You can replace multiple addresses simultaneously to manage your network efficiently and keep your firewall policies updated. [See About the Addresses Page.]
View the network components associated with an address—Manage addresses in your network efficiently by viewing the network components associated with each address object. You can use the View Associations option to view the components associated with each address, such as NAT policies and security policies. [See About the Addresses Page.]
Merge duplicate services—Multiple users create various objects in a network, which sometimes results in the creation of duplicate objects, such as duplicate services. Use the duplicate service detection feature to find duplicate services and merge the services into one service object. [See About the Services Page.]
Replace services in bulk—Managing services in your network efficiently requires you to frequently update the services. You can replace multiple services simultaneously to manage your network efficiently and keep your firewall policies updated.[See About the Services Page.]
View the network components associated with a service—Manage services in your network efficiently by viewing the network components associated with each service object. You can use the View Associations option to view the components associated with each service, such as NAT policies and security policies.[See About the Services Page.]
Organization
Add a home region for your organization—Use the home region setting to segregate users based on their geographical location. You can add a region when you create a new organization. [See Create a New Organization.]
Secure Edge New Features: October 07, 2023
Service Management
Enhancements on the Service Locations page—We've made the following enhancements:
-
You get at least one pair of service locations to ensure maximum service availability.
-
You can add more pairs of service locations as needed.
-
You can add more users to any pair of service locations as needed.
Monitor
View CASB logs—When associated with a Secure Edge policy, a Cloud Access Security Broker (CASB) profile collects logs from the configured cloud applications. You can view and monitor these activity-based and action-based application logs on Monitor > Logs > CASB. [See Monitor CASB Logs.]
View CASB application visibility logs—On the new CASB Application Visibility page (Monitor > Maps & Charts > CASB Applications), you can view the following information related to CASB-supported cloud applications:
-
Volume (network traffic) that each application uses
-
Volume (bandwidth) that each category of the application consumes
-
Number of events or sessions received, grouped by risk as defined by the applications
[See About the CASB Application Visibility Page.]
Tunnel status alerts—You can use the Tunnel Status Alerts page (Monitor > Alerts > Tunnel Status Alerts) to view the tunnel status alerts for the configured tunnels between sites and service locations.
Security Subscriptions
Manage CASB profiles—You can create, modify, clone, and delete Cloud Access Security Broker (CASB) profiles. The CASB functionality provides visibility into the security of your cloud applications. You can also create CASB profile rules to control specific actions on each cloud application to secure your data. After you assign the CASB profile to a Secure Edge policy, the profiles ensure that the traffic flows between cloud providers and on-premises devices comply with the Secure Edge policy. [See About the CASB Profiles Page, About the CASB Rules Page, and Add a Secure Edge Policy Rule.]
CASB inline cloud application activity controls—You can configure rules to control activities on the cloud applications for a CASB profile. The supported activities are login, upload, download, and share. The supported cloud applications are Box, Dropbox, Salesforce, Google Docs, and OneDrive. [See About the CASB Rules Page.]
Application instance for CASB—You can configure an application instance for the CASB profile. Use instance names to define which particular instances of the same cloud application you want to take a policy action on. [See About the CASB Rules Page.]
Application tagging for CASB—You can tag an application instance as Untagged, Sanctioned, or Unsanctioned for a CASB profile to reflect whether or not your organization approves the cloud application. By default, all the application instances are tagged as None. This type of tagging is not the same as the application instance tagging for the CASB rules. [See About the Application Tagging Page.]
Custom URL categories—You can create custom URL categories and add them to Web filtering profiles. You can also assign one of the following actions to the URL categories:
-
Log and permit the URLs.
-
Block the URLs.
-
Permit the URLs.
-
Quarantine the URLs.
Security Policy
Captive portal support for unauthenticated on-premises users—You can now use captive portal to authenticate on-premises users that request access to a network service. In earlier releases, you could use captive portal to authenticate only roaming users. By default, captive portal is enabled for roaming users and disabled for on-premises site users. You can enable the captive portal support for on-premises users from the Secure Edge Policy page. [See About the Secure Edge Policy Page, and Add a Secure Edge Policy Rule.]
Identity
Supported JIMS Collector version—Secure Edge now supports JIMS Collector Release 1.7.0 and later. [See Juniper Identity Management Service Overview.]
Shared Services
Import URL patterns from a CSV file—Import multiple allowed or blocked URL patterns from a CSV file. You can use these URL patterns to validate inbound and outbound URL requests and allow or block the requests.
[See Import URL Patterns from a CSV File.]
DAG filter—You can filter and view the dynamic address group (DAG) feeds from the Amazon Web Services (AWS) regions and services that you select. Use a DAG filter to add the feeds. You can configure a maximum of 10 DAG filters for the selected AWS regions and services. [See Configure DAG Filter.]
Webhook for audit log notifications—You can use an audit log webhook to send Juniper Advanced Threat Prevention Cloud (ATP Cloud) audit log notifications to a remote server. A webhook is an automated message or a real-time notification that any application receives from another application that triggers an event. You can enable the webhook and configure the remote server URL to receive these notifications in a chat application that can process JavaScript Object Notation (JSON) responses. [See Configure Webhook.]