Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.

Configuration pushed to the SRX in SkyATP with Juniper Connected Security solution

  • 1.  Configuration pushed to the SRX in SkyATP with Juniper Connected Security solution

    Posted 01-12-2023 09:35

    Hello,

    I am using Security Director with Policy Enforcer to test SkyATP with Juniper Connected Security (SD v19.4R1 and ATP Cloud v3).

    I am configuring the below Threat Prevention Policy for HTTP traffic and Infected host profile with a threat score of 7.

    It looks like the TPP is pushed to the vSRX correctly, however, the Infected host profile is incorrect as you can see that there is only one rule in the infected host profile which has all the threat levels (1-10) with action block+drop.

    I believe that the correct infected host profile config should have two rules: a 1st rule that includes threat levels 1-6 with action permit, and a 2nd rule that includes threat levels 7-10 with action drop+block.

    Any idea why the config is pushed like this?

    ------------------------------
    YASSER
    ------------------------------