Hello,
I am using Security Director with Policy Enforcer to test SkyATP with Juniper Connected Security (SD v19.4R1 and ATP Cloud v3).
I am configuring the below Threat Prevention Policy for HTTP traffic and Infected host profile with threat score of 7.
It looks like the TPP is pushed to the vSRX correctly; however, the Infected host profile is incorrect, as you can see that there is only one rule in the infected host profile, which has all the threat levels (1-10) with action block+drop.
I believe that the correct infected host profile config should have two rules: a 1st rule that includes threat levels 1-6 with action permit, and a 2nd rule that includes threat levels 7-10 with action drop+block.
Any idea why the config is pushed like this?
------------------------------
YASSER
------------------------------