Advanced Threat Prevention Appliance Datasheet

Download Datasheet

Product Overview

Advanced Threat Prevention Appliances are virtual on-premises devices that combine advanced threat detection with consolidated security analytics to protect organizations from known and unknown cyberattacks while improving the productivity of security operations teams.

Working with Juniper Networks SRX Series Firewalls, ATP Appliances detect Web, e-mail, and lateral traffic threats, blocking those threats if the firewall is deployed inline. 

ATP Appliances can also ingest logs from existing security devices and apply contextual analysis to provide a consolidated view of the threat landscape.

Man working in a dark office monitoring multiple monitor screens

Product Description

Juniper Networks® Advanced Threat Prevention Appliances address the need for an on-premises virtual threat detection and mitigation solution.

Based on scalability requirements, two versions of the virtual platform are available. The virtual version of the ATP Appliances, running on either VMware vSphere or ESXi, can be deployed with either 8 or 24 virtual CPU cores to process up to 116,000 files per day.

Juniper ATP Appliances collect web, e-mail, and lateral traffic using the Juniper Networks SRX Series Firewalls or its built-in collectors, making it an ideal fit for organizations employing multiple firewall solutions. Collected data is sent to an on-premises ATP Appliance for further processing by the ATP Appliance core, which identifies known and unknown threats and provides comprehensive analytics detailing the threat’s progression within the environment by mapping detections to the attack kill chain. Once a threat is detected, the ATP Appliance sends firewall policy updates to the SRX Series firewalls. The ATP Appliance can be configured to update policies on third-party firewalls from vendors such as Palo Alto Networks, Fortinet, and Cisco. JATP appliances work with Juniper Networks EX Series Ethernet Switches, Juniper Networks QFX Series switches, or other third-party switches. It isolates threats and leverages one-touch mitigation to quarantine compromised hosts, limiting lateral spread.

Juniper Networks ATP Appliance architecture diagram

Figure 1: Juniper Networks ATP Appliance architecture

Architecture and Key Components

The on-premises ATP solution can use SRX Series firewalls as collectors for inline detection and blocking. JATP Appliances can also use their built-in collectors with third-party firewalls. For MSSP environments, the ATP Appliance can be deployed as a separate collector and core supporting multi-tenancy. A collector is deployed at each customer location, and a core or cluster of cores analyzes all traffic. The Juniper ATP Appliance can run in private mode for air-gapped environments, providing malware detection, mitigation, and even correlation when Internet access is unavailable.

Files and related executables collected across the network are delivered to the SmartCore detection and analytics engine on a virtualized ATP Appliance for further analysis. The SRX Series firewalls can block threats detected by the SmartCore engine.

ATP Appliances can also ingest logs from other identity and security solutions such as Active Directory, endpoint antivirus, firewalls, Secure Web Gateways (SWGs), intrusion detection systems, and endpoint detection and response tools. The logs can be ingested either directly from third-party devices or forwarded by existing security information and event management (SIEM)/syslog servers.

Table 1. Juniper Networks Advanced Threat Prevention Appliances Features and Benefits
Traffic InspectionProtects multiple vectors, including Web, e-mail, and lateral spreadProvides a broad range of protocol support to cover the most common methods for malware and ransomware distribution
Inline Threat MitigationOffers inline blocking when an SRX Series firewall is deployedOffers the ability to block known and unknown threats
Attack AnalyticsProvides a real-time and historical view of the threat landscape across the network, including from third-party security solutionsGives security operations employees visibility into correlated threat activity occurring inside their network, allowing them to identify high-priority threats quickly, understand how to respond, and/or quarantine to remediate the outbreak
Third-Party InteroperabilityIncludes comprehensive APIs and a custom log ingestion framework that easily integrate with third-party security devices, enabling threat log collection and aggregation from any security products already deployedEnsures easy integration with third-party security devices using APIs and supports threat log collection and aggregation from any existing security products
Centralized ManagementIncludes Manager of Central Managers (MCM) functionalityProvides comprehensive, centralized, single-pane-of-glass management of clustered core appliances in large deployments requiring multiple cores
Flexible DeploymentSupports virtual on-premises deploymentsProvides flexible options depending on your scalability and performance  requirements for threat processing and analytics
Distributed ArchitectureLeverages collectors that can be deployed at any number of network locations, all feeding into an analytics engine residing at headquarters or in the cloudIncreases threat coverage across your networks, including public and private clouds
ClusteringAllows clustering of multiple secondary cores via scalable architectureEnables a quick increase in threat process capacity if more than a single appliance is required
AuthenticationSupports access and authentication using SAML and RADIUSWorks with existing authentication solutions

Product Options

ATP Appliances are available with 8 or 24-core options to best fit the requirements for your network. The virtual appliances can be deployed in distributed mode with SmartCore and Fabric Collector installed on separate appliances.

Malware detection for MacOS is also supported. Customers must provide Mac mini hardware to be deployed as a secondary core. The MacOS sandboxing image is available on the ATP Appliances’ software downloads page.

Table 2. Virtual Appliance Performance
Product NameVirtual Memory/DiskCollector PerformanceE-Mail MTA ReceiverPerformance (Objects Detonations)1
1Numbers based on a traffic mix that approximates real-world performance.  Actual numbers may differ based on traffic mix, repeat objects, and other factors unique to user environments.
Virtual JATP Appliances solution (8-core CPU)32 GB/1.5 TB1.5 Gbps720,000Up to 46,000 objects/day
Virtual JATP Appliances solution (24-core CPU)96 GB/1.5 TB4 Gbps2.4 millionUp to 116,000 objects/day
Table 3. Virtual Appliance Hardware Specifications
Product NameHypervisor SupportVersions
Virtual JATP AppliancesVMware vSphere, ESXivSphere (5.5, 6.0, 6.5), ESXi (5.5.1, 5.5, 7.0)
JATP700 and JATP400 appliance image


Weight30.4 lbs (13.79kg)42 lbs (19 kg)
Dimensions (WxHxD)17.2 x 1.7 x 25.6 in (43.7 x 4.3 x 65 cm)17.2 x 3.5 x 24.8 in (43.7 x 8.9 x 63 cm)
Form Factor1 U (rack-mountable)2 U (rack-mountable)
AC Power Supply500 W high efficiency (94%+) AC-DC redundant power; AC input: -100 to -240 V, 50-60 Hz, 11-4.4 amp920 W high efficiency (94%+) AC-DC redundant power; AC input: -100 to -240 V, 50-60 Hz, 11-4.4 amp
DC Power Supply650 W high-efficiency redundant DC-to-DC power supply; DC input: 650 W; -44 to -74 VDC, 20 amp850 W/1010 W high-efficiency redundant DC-to-DC power supply; DC input: 850 W; -35 to -42 VDC, 30-25 amp
Fans1.6 x 1.6 x 2.2 in (4 x 4 x 5.6 cm) 13K-11K RPM counter rotating fan, RoHS/REACH1.6 x 1.6 x 2.2 in (4 x 4 x 5.6 cm) 13K-11K RPM counter-rotating fan, RoHS/REACH
Operating Temperature50° to 104° F (10° to 40° C)50° to 104° F (10° to 40° C)
Storage Temperature-40° to 158° F (-40° to 70° C)-40° to 158° F (-40° to 70° C)
Relative Humidity (Operating)8 to 90 percent noncondensing8 to 90 percent noncondensing
Relative Humidity (Storage)5 to 95 percent noncondensing5 to 95 percent noncondensing
Altitude (Operating)6500 ft max6500 ft max
Altitude (Storage)35,000 ft max35,000 ft max
Safety CertificationsCAN/CSA-C22.2 No. 60950-1 Safety of Information Technology Equipment
EN 60950-1
UL 60950-1 (2nd Edition)
IEC 60950-1: 2005/A2:2013
CAN/CSA-C22.2 No. 60950-1 Safety of Information Technology Equipment
EN 60950-1
UL 60950-1 (2nd Edition)
IEC 60950-1: 2005/A2:2013
Emissions Certifications47CFR Part 15, (FCC) Class A ICES-003 Class A
EN 55022 Class A
CISPR 22 Class A
EN 55024
EN 300 386
CNS13438 Class A
EN 61000-3-3 VCCI Class A KN22 Class A
EN 61000-3-2 BSMI CNS 13438
47CFR Part 15, (FCC) Class A ICES-003 Class A
EN 55022 Class A
CISPR 22 Class A
EN 55024
EN 300 386
CNS13438 Class A
EN 61000-3-3 VCCI Class A KN22 Class A
EN 61000-3-2 BSMI CNS 13438
CPUTen cores2x10 cores
Memory32 GB128 GB
Storage8 TB (4 x 2 TB), RAID 68x900 GB 2.5 in 10K SAS, RAID 6
Traffic Ports2xSFP+ 10GbE; 4xRJ-45 GbE2xSFP+ 10GbE; 4xRJ-45 GbE

Ordering Information

Juniper Networks Advanced Threat Prevention Appliances support flexible deployment options. Required components vary based on the deployment model.

  • Physical deployments require a physical ATP Appliance solution and an associated software subscription.
  • Virtual deployments require a software subscription only.

For information about the virtual ATP Appliance, software licensing, or answers to general ordering questions, please visit our How to Buy page at


About Juniper Networks

At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.


1000627 - 010 - EN MARCH 2023