New Features
Juniper Security Director 24.4.1
- Dashboard
- Monitor
- Device Management
- Security Policies
- Security Subscriptions
- IPsec VPN
- NAT
- Identity
- Shared Services
- Administration
- Command-Line Interface (CLI)
Dashboard
Security dashboard—Use the widgets in the user-configurable security dashboard for a personalized view of network services. Drag these widgets from the dashboard to your workspace and rearrange the widgets according to your needs. The dashboard widgets display the following information:
- Device connection status
- Devices by OS versions and platforms
- Device subscription status and management entitlements
- Total intrusion prevention system (IPS) event count
- Total virus event count
- Top firewall events and request denials
- Top source and destination IP addresses and IP address translations
- Top IP traffic
- Top infected hosts and websites blocked
- Top applications by number of sessions and traffic volume
- Top spam by source IP addresses
[See About the Dashboard.]
Monitor
- Alerts—Define alert criteria that are based on a set of predefined filters. You can use the filters on the Event Viewer page to generate alerts. You can generate alerts and receive notifications when these alert criteria are met. Additionally, you can use alert ID, description, alert definition, alert type, or recipient e-mail address as alert search criteria. [See Alerts Overview.]
- Support for logs—Monitor events related to security by using various policy types such as security policies, web filtering, antispam, and antivirus. [See About the Session Page, About the Threats Page, About Web Filtering Events Page, and About All Security Events Page.]
- View threat events in a visual map—Use the visual threat map to monitor threats across regions. View blocked and allowed threat events included in the IPS feeds and antivirus and antispam engine feeds. The threat map displays event counts of attack objects for specific locations, helping you identify unusual activity that could signal a potential attack. [See Threat Map Overview.]
- Application visibility—View information about bandwidth consumption, session establishment, and the risks associated with your network applications. Analyze your network applications to obtain useful security management information, such as:
  - Applications that can lead to data loss
  - Bandwidth overconsumption
  - Time-consuming applications
  - Personal applications that can increase business risks
- User visibility—View information about network devices. For example, you can view the top 50 devices that are accessing high bandwidth-consuming applications and are establishing a higher number of sessions. Use this data to rate-limit devices that consume large bandwidth or generate the maximum traffic. [See About the User Visibility Page.]
- Manage reports—View and manage reports that provide a summary of network activity and overall network status. You can use these reports to perform a trend analysis of network activities to study changes in traffic patterns. Additionally, you can build custom reports that meet specific needs. [See Manage Reports.]
  - Rule Analysis report provides details about the anomalies in security policies, aiding in identifying and addressing the discrepancies. [See Create Rule Analysis Report Definitions.]
  - Network Operations report displays the top 10 source and destination countries for network traffic, detailing allowed and blocked traffic. [See Create Network Operations Report Definitions.]
  - User URL report lists the top 10 URLs that users have visited, along with the dates and times of their visits, helping you track web activity. [See Create URLs Visited Per User Report Definitions.]
  - Top Talkers report identifies the top 10 source and destination IP addresses, facilitating usage analysis. [See Create Top Talkers Report Definitions.]
- Global search—Use the advanced search feature on the header to search specific data such as security policies, firewall, and network information. Enter keywords or phrases in the search text box to refine your search results based on specific criteria such as date range, device type, and policy type. You can see suggestions as you type in the search text box. [See Juniper Security Director Navigational Elements.]
Device Management
- Adopt and manage firewalls—Add firewalls to Juniper Security Director Cloud by copying commands generated by Juniper Security Director and pasting the commands into the device console. [See Add Devices.]
- View device details—The Devices page displays your devices that are managed by Juniper Security Director. You can view device information, such as the software release version, the platform, and various status indicators. You can also view the device inventory details, roll back to a configuration version, resynchronize or reboot a device, and upgrade a device. [See Device Overview.]
- Device discovery—Use device discovery to add devices to Juniper Security Director. Device discovery is the process of finding a device and then synchronizing the device inventory and configuration with the Juniper Security Director database. You must create a device discovery profile to discover devices in Juniper Security Director. [See Create Device Discovery Profile and Run Device Discovery Profile.]
- Support for MNHA pairs—Add Multinode High Availability (MNHA) pairs to Juniper Security Director and centrally manage firewalls by using the Juniper Security Director portal. An MNHA pair is supported only for brownfield deployments. [See Add Devices.]
- Preprovision profile support—Preprovision profiles contain a predefined set of policies that Juniper Security Director deploys on-device during onboarding. Preprovision profiles are especially useful when you want to deploy policies on multiple devices, device groups, or device discovery profiles. You can use preprovision profiles to automatically deploy a set of policies on-device. [See Create Preprovision Profiles.]
- Support for device groups—Logically group devices for easier deployment and configuration management. Device groups are useful to deploy configurations on the devices in bulk. You can view the device groups on the Devices page under the Device Groups tab. [See Device Groups.]
- Add licenses—Add a license for a feature to a device or a device cluster. Each license is associated with a software feature such as IPS and Content Security and is valid for only one device. [See Add Licenses.]
- Import certificates—Import device certificates to authenticate SSL. SSL uses public-private key technology that requires a paired private key and an authentication certificate. [See Import Device Certificates.]
- Manage configuration templates—Deploy customized configurations on your device. Juniper Security Director provides configuration templates to provision configurations, both during onboarding and throughout the device life cycle. You can view, create, modify, clone, and delete configuration templates. In addition, you can deploy configuration templates on one or more devices. You can use the Preview workflow to validate a configuration template. [See Configuration Templates Overview.]
- Software images—Manage the entire life cycle of the software images on the devices. You can add, delete, stage, and deploy software images on the devices. You can upload images from a remote server or from your local drive. [See Software Images Overview.]
- Update latest security packages—Use the update latest security packages feature to manually upload or download a security package. You can also schedule an automatic download of security packages at a specified time. [See Updated Security Package.]
- Junos detailed configuration—Use the Junos Detailed Configuration tab to configure Junos OS properties for a firewall. You can configure interfaces, general routing information, routing protocols, user access, and some system hardware properties. [See Devices Overview.]
- Support for out-of-band device configuration changes—Out-of-band (OOB) device configuration changes are the changes that you make without using Juniper Security Director. For example, device configuration changes you make using the device commands are OOB changes. You can view a list of all OOB changes for a device by using Juniper Security Director. You can accept or reject the OOB changes to synchronize the device with Juniper Security Director. [See Out-of-Band Changes.]
Security Policies
- Manage security policies—Create, modify, and delete security policies and associate devices with security policies. You can also create, modify, and delete the rules that are associated with a security policy. Security rules comprise source and destination endpoints, IP addresses, user identities, URL categories, services, and Layer 7 applications. You can set up either zone-based rules or global rules. [See Security Policy Overview, Add Security Policy, Import Security Policies, and Deploy Security Policies.]
- Manage policy versions—
  - Create a snapshot of existing policies to create new versions for all devices, device groups, and device exceptions.
  - Compare two versions of a security policy and decide whether to roll back to the previous policy version or make changes and deploy the policy again.
  - Remove unwanted versions using the delete icon on the security policy version page.
- Rollback policy versions—You can revert a policy version to a previous version. The rollback operation replaces all the rules and rule groups of the current version with rules and rule groups from the selected version. You can resolve any conflicts between the versioned data and the current objects in the system by using the Rename, Overwrite, or Retain option. [See Rollback Policy Versions.]
Security Subscriptions
- Manage IPS profiles—Juniper Security Director offers predefined IPS profiles. You can also create customized IPS profiles. You can associate IPS rules and exempt rules with IPS profiles. You can deploy the IPS profiles in a device by referencing the IPS profiles in a security policy rule on the device. [See IPS Profiles Overview.]
- Manage IPS signatures—Create, modify, clone, and delete IPS signatures, signature groups, and dynamic groups as needed. An IPS compares traffic against known threat signatures and blocks any traffic that matches a detected threat. Use IPS signatures to monitor and prevent intrusions actively. Juniper Security Director contains predefined IPS signatures. You can also create customized IPS signatures. [See IPS Signatures Overview.]
- Web filtering profiles—View, create, edit, and delete Web filtering profiles. Web filtering enables you to manage Internet usage by preventing access to inappropriate Web content over HTTP. [See Web Filtering Profiles Overview.]
- Content filtering profiles—Content filtering policies enable you to block or permit certain types of traffic over several protocols such as HTTP, FTP upload and download, IMAP, SMTP, and POP3. These policies provide block or permit lists based on the MIME type, file extension, protocol command, and embedded object type. [See Content Filtering Profiles Overview.]
- SecIntel profiles—You can configure Security Intelligence (SecIntel) profiles to work with security intelligence feeds, such as command-and-control (C&C), DNS, and infected hosts. SecIntel delivers real-time threat intelligence by enabling automatic and responsive traffic filtering. [See SecIntel Profiles Overview.]
- Anti-malware profiles—Configure anti-malware profiles to specify which content to scan for malware and the steps to take if any malware is found. [See Anti-Malware Overview.]
- Secure web proxy—Create and manage secure web proxy profiles that contain information about the applications that can bypass your proxy servers and connect to webservers directly. [See Secure Web Proxy Overview.]
- Manage Content Security profiles—View and manage Content Security profiles. Content Security profiles consolidate several security features such as antivirus, antispam, content filtering, and Web filtering to protect against multiple threat types. [See Content Security Profiles Overview.]
- Manage decrypt profiles—Create, modify, clone, and delete decrypt profiles. SSL proxy is enabled as an application service within a security policy. An SSL proxy handles SSL encryption and decryption between the client and server, but the server or the client cannot detect the presence of the SSL proxy. SSL proxy ensures that it has the keys to encrypt and decrypt the payload. [See Decrypt Profiles Overview.]
- Metadata streaming policies—Create metadata streaming policies and DNS caches to implement security metadata streaming, protecting your network from advanced threats. A metadata streaming policy protects the network from domain generation algorithm (DGA)-based attacks on DNS packets, DNS tunnels, and threats through HTTP requests. A DNS cache operates by checking request domains against a list of allowed and prohibited domains. [See Security Metadata Streaming Policies Overview.]
- Flow-based antivirus—Create a flow-based antivirus profile that finds and stops security threats in real time. Flow-based inspections use fewer resources than proxy-based inspections. Flow-based inspections also leave packets unaltered unless a threat is detected. You can set global flow-based antivirus settings and use these settings on multiple devices. You can also view flow-based antivirus detection events on the Threats page, on the All Security Events page, and in the Logs report. [See Flow-based Antivirus Profiles Overview.]
- ICAP redirect—Create an Internet Content Adaptation Protocol (ICAP) redirect profile to enable the ICAP server to manage request messages, response messages, fallback options, and other associated tasks for authorized traffic. This profile can be incorporated as an application service within the security policy. [See ICAP Redirect Profiles Overview.]
IPsec VPN
Manage IPsec VPNs—View and manage IPsec VPN profiles that facilitate communication between remote computers across a public WAN, such as the Internet. A VPN connection can link two LANs (site-to-site VPN) or a remote dial-up user and a LAN. The traffic that flows between these two points passes through shared resources such as routers, switches, and other network equipment that make up the public WAN. Juniper Security Director simplifies the management and deployment of IPsec VPNs. [See IPsec VPN Overview.]
NAT
- Manage NAT policy rules—Create, edit, clone, and delete NAT policy rules. NAT is a form of network masquerading, where you can hide devices between zones or interfaces. You can use Juniper Security Director to configure three types of NAT on firewalls: source NAT, destination NAT, and static NAT. [See NAT Policies Overview.]
- Manage NAT pools—Create, edit, clone, and delete NAT pools. A NAT pool is a set of IP addresses that you can define and use for address translation. NAT policies translate internal IP addresses into the addresses in these pools. [See NAT Pools Overview.]
Identity
- JIMS—Juniper Identity Management Service (JIMS) provides robust and scalable IP address-to-user mapping. You can use Juniper Security Director to push the JIMS configuration to firewalls. SRX Series Firewalls use IP address-to-user mapping to generate authentication entries for user firewalls. [See JIMS Identity Management Service Overview.]
- Configure Active Directory profiles—Active Directory enables you to configure the IP address-to-user mapping information and the user-to-group mapping information to access the LDAP server. You can view, create, modify, clone, and delete Active Directory profiles. In addition, you can deploy Active Directory profiles on firewalls. [See Active Directory Profile Overview.]
- Configure access profiles—With access profiles, you can enable access configuration on the network. Access configuration consists of authentication configuration. Juniper Security Director supports RADIUS, LDAP, and local authentication as authentication methods. [See Access Profile Overview.]
- Configure address pools—Create centralized IPv4 address pools independent of the client applications that use the pools. An address pool is a set of IP addresses available for allocation to users, for example, a range of IP addresses that a DHCP server assigns to clients on the network. You can have only IPv4 addresses in an address-assignment pool. [See Address Pools Overview.]
Shared Services
- GeoIP—IP-based geolocation (GeoIP) is the method of locating a computer terminal's geographic location by identifying that terminal's IP address. By mapping an IP address to the source of attack traffic, you can determine the geographic region from where the malicious traffic originates. You can use this information to filter traffic to and from specific locations in the world. Using Juniper Security Director, you can create, modify, or delete the GeoIP feeds. You can use the GeoIP feeds in a security policy to block or allow traffic based on source or destination IP address. [See GeoIP Overview.]
- Manage addresses and address groups—Create addresses to use across all policies. You can use addresses in firewall and NAT services and apply to the corresponding policies. You can also resolve an IP address to the corresponding hostname. Address groups are useful when you want to apply the same policy to multiple services. [See Addresses Overview.]
- Variable address—A variable is useful when you want to apply similar rules across devices that have only a different address. Instead of using static values, you can use variables to create fewer rules and use them more widely. You can limit the number of required rules by creating and configuring a variable address for all devices to which you are applying a group policy. [See Variable Addresses Overview.]
- Manage services and service groups—A service is an application on a device. After you create a service, you can combine it with other services to form a service group. Service groups are useful when you want to apply the same policy to multiple services. [See Services Overview.]
- Manage application signatures and application signature groups—Create, modify, clone, and delete custom application signatures and application signature groups. You can also view already downloaded application signatures. Juniper Networks provides signature definitions of known application objects to identify applications for tracking and for firewall policies. [See Application Signatures Overview.]
- Manage security policy schedules—Create, modify, clone, and delete security policy schedules. Use a schedule to run a security policy rule for a specified period either on a one-time basis or on a recurring basis, based on how you've created the schedule. [See Schedules Overview.]
Administration
- Subscriptions—Add, apply, and manage your purchased subscriptions for the firewalls in Juniper Security Director. You can add one or more accounts to the subscriptions. When your subscriptions expire or are due for renewal, you receive notifications on the UI. [See Subscriptions Overview.]
- Manage users and roles—Add, clone, modify, and delete roles and users. [See Users Overview.]
- View and export audit logs—View and export the audit logs. Audit logs contain information about the tasks that you initiate by using the Juniper Security Director GUI or APIs. Audit log entries usually include details about user-initiated tasks such as the name, role, and IP address of the user who initiated the task, the status of the tasks, and the date and time of execution. You can export audit logs in CSV or PDF formats. [See Audit Logs Overview.]
- Manage process jobs—View and manage jobs, which are actions performed on objects that Juniper Security Director manages, such as a device, service, or user. You can run a job immediately or schedule a job for later. You can also monitor the status of jobs. [See Jobs Management in Juniper Security Director.]
- Database backup—View the database backup summary, verify the connection to the external server designated for database backup, and configure a schedule for the database backup. [See Take a Backup of the Database.]
- Manage device data—View, export, and delete device logs related to security and data traffic. You can export logs for the past one week or one month in CSV format. [See About Data Management Page.]
- Monitor system resources—Monitor the installed services and the resource usage of VMs, including CPU, memory, and storage. Additionally, you can view the current software bundle version information and upgrade to the latest version. [See System Overview.]
- Upgrade Juniper Security Director—Upgrade your existing Juniper Security Director version to the latest available version. Select Upgrade System. Follow the on-screen instructions to complete the upgrade process. [See Upgrade Juniper Security Director.]
- System faults—View different types of severities and faults in the system, time of occurrence, and the status. You can segregate the faults by their severity or status using the filter option. [See View the System Faults.]
- System logs—Identify and troubleshoot issues that you might encounter on Juniper Security Director. Use the system logs to:
  - Generate logs from feature groups and microservices for a specific time span.
  - Configure log level settings to generate detailed logs of microservices.
  - Track the process of log generation and then download the archived logs.
  - Share the generated logs with the Juniper Networks support team to troubleshoot issues associated with the application or services.

  [See About System Logs Page.]
- Organization—An organization helps you manage your devices and subscriptions. You can configure the SMTP server when you create the organization account in Juniper Security Director. You can update the SMTP details on the Organization page. [See About the Organization Page.]
Command-Line Interface (CLI)
CLI—The CLI helps you in identifying and troubleshooting issues that you might encounter on Juniper Security Director. You can execute various commands through the CLI to perform functions such as examining details about the system and network, viewing logs, and verifying the current status of different services. This helps in managing and maintaining the security infrastructure efficiently. [See CLI Overview.]