Example: Configure Juniper Sky ATP for vSRX
This example shows how to configure Juniper Sky™ Advanced Threat Prevention (Juniper Sky ATP) on a vSRX instance that is deployed in a virtual private cloud (VPC).
Before You Begin
Ensure that you have installed and launched a vSRX instance in a VPC.
Overview
You can use Juniper Sky ATP, a cloud-based solution, along with vSRX to protect all hosts in your network against evolving security threats.
Juniper Sky ATP Configuration
Procedure
Step-by-Step Procedure
To configure Juniper Sky ATP on a vSRX instance:
Log in to the vSRX instance using SSH and start the CLI.
root@% cli
root@>
Enter configuration mode.
root@> configure
[edit]
root@#
Set up the correct data interface for the active advanced antimalware (AAMW) service instead of using the default fxp0 interface.
root@# set services advanced-anti-malware connection source-interface ge-0/0/0.0
Configure NAT.
root@# set security nat source rule-set rs1 from zone trust
root@# set security nat source rule-set rs1 to zone untrust
root@# set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
root@# set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
root@# set security nat source rule-set rs1 rule r1 then source-nat interface
Set up a virtual routing instance for the correct data interface for the AAMW service.
root@# set routing-instances vsrx-vr1 instance-type virtual-router
root@# set routing-instances vsrx-vr1 routing-options static route 0.0.0.0/0 next-hop 10.4.1.1
root@# set routing-instances vsrx-vr1 interface ge-0/0/0.0
root@# set routing-instances vsrx-vr1 interface ge-0/0/1.0
Verify the configuration.
root@# commit check
configuration check succeeds
Commit the configuration to activate it on the vSRX instance.
root@# commit
commit complete
Optionally, you can verify the configuration by running the following show commands in configuration mode:
show services advanced-anti-malware connection | display set
show security nat | display set
show routing-instances vsrx-vr1 | display set
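The output of the three show commands above can be checked mechanically. The following Python is an added example, not part of Juniper's documentation: it reads the combined display set output and reports whether the AAMW connection still uses fxp0, whether its source interface sits in a virtual router with a default route, and whether an interface-based source NAT rule exists. The function name check_aamw_config and the embedded sample (constructed from the values in this procedure) are assumptions.

```python
import re

# Constructed sample: combined "| display set" output matching this procedure.
SAMPLE = """\
set services advanced-anti-malware connection source-interface ge-0/0/0.0
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat interface
set routing-instances vsrx-vr1 instance-type virtual-router
set routing-instances vsrx-vr1 routing-options static route 0.0.0.0/0 next-hop 10.4.1.1
set routing-instances vsrx-vr1 interface ge-0/0/0.0
set routing-instances vsrx-vr1 interface ge-0/0/1.0
"""

def check_aamw_config(display_set: str) -> list[str]:
    """Return a list of problems found; an empty list means every check passed."""
    lines = [l.strip() for l in display_set.splitlines() if l.strip().startswith("set ")]
    problems = []

    # 1. AAMW must use a data interface, not the fxp0 management interface.
    src = [m.group(1) for l in lines
           if (m := re.fullmatch(r"set services advanced-anti-malware connection source-interface (\S+)", l))]
    iface = src[-1] if src else "fxp0"  # the page says fxp0 is the default
    if iface.startswith("fxp0"):
        return [f"AAMW connection uses the management interface {iface}"]

    # 2. That interface must belong to a virtual-router instance with a default route.
    vrs = {m.group(1) for l in lines
           if (m := re.fullmatch(r"set routing-instances (\S+) interface (\S+)", l)) and m.group(2) == iface}
    if not vrs:
        problems.append(f"{iface} is not a member of any routing instance")
    for vr in sorted(vrs):
        if f"set routing-instances {vr} instance-type virtual-router" not in lines:
            problems.append(f"{vr} is not instance-type virtual-router")
        if not any(l.startswith(f"set routing-instances {vr} routing-options static route 0.0.0.0/0 next-hop ")
                   for l in lines):
            problems.append(f"{vr} has no static default route")

    # 3. At least one source NAT rule must translate to the egress interface address.
    if not any(re.fullmatch(r"set security nat source rule-set \S+ rule \S+ then source-nat interface", l)
               for l in lines):
        problems.append("no source NAT rule with 'then source-nat interface'")
    return problems

if __name__ == "__main__":
    print(check_aamw_config(SAMPLE) or "all checks passed")
```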