
Configuration pushed to the SRX in SkyATP with Juniper Connected Security solution

  • 1.  Configuration pushed to the SRX in SkyATP with Juniper Connected Security solution

    Posted 17 days ago

    Hello,

    I am using Security Director with Policy Enforcer to test SkyATP with Juniper Connected Security (SD v19.4R1 and ATP Cloud v3).
     
    I am configuring the below Threat Prevention Policy for HTTP traffic and Infected host profile with threat score of 7. 

    It looks like the TPP is pushed to the vSRX correctly, however, the Infected host profile is incorrect as you can see that there is only one rule in the infected host profile which has all the threat levels (1-10) with action block+drop.

    I believe that the correct infected host profile config should have two rules: a 1st rule that includes threat levels 1-6 with action permit, and a 2nd rule that includes threat levels 7-10 with action drop+block.

    Any idea why the config is pushed like this?

     



    ------------------------------
    YASSER
    ------------------------------