Junos Space Developer

Sky ATP with vSRX guide?

‎08-30-2017 02:34 AM

Hi All,

I'd appreciate it if someone could guide me on how to install Sky ATP and integrate it with vSRX. I have already added the vSRX to Sky ATP and already installed Policy Enforcer.

Now I'm stuck and not sure what the next step is. Do I need to add additional configuration on the vSRX to make sure it can integrate with Sky ATP? I'd appreciate it if someone could give a URL or blog that I can refer to, from step 1 until it can be used.

Thanks

3 REPLIES

Re: Sky ATP with vSRX guide?

‎08-30-2017 05:22 PM

This is a pretty good checklist. From your description, I think you have completed step 1 of 4 listed here.

https://www.juniper.net/documentation/en_US/release-independent/policy-enforcer/topics/concept/junos...

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Sky ATP with vSRX guide?

‎09-05-2017 10:00 AM

Hi Spuluka,

Below is my output. How can I get the threat to display on the SD (dashboard) for malware? Is there any method by which I can simulate that the SD is successfully integrated with Sky ATP?

test@vSRX-LAB> show services advanced-anti-malware statistics
Advanced-anti-malware session statistics:
  Session interested:    59
  Session ignored:       52
  Session hit blacklist: 0
  Session hit whitelist: 0
                         Total      HTTP       HTTPS      SMTP       SMTPS
  Session active:        0          0          0          0          0
  Session blocked:       0          0          0          0          0
  Session permitted:     5          5          0          0          0

Advanced-anti-malware file statistics:
                                Total      HTTP       HTTPS      SMTP       SMTPS
  File submission success:      0          0          0          0          0
  File submission failure:      0          0          0          0          0
  File submission not needed:   5          5          0          0          0
  File verdict meets threshold: 0          0          0          0          0
  File verdict under threshold: 0          0          0          0          0
  File fallback blocked:        0          0          0          0          0
  File fallback permitted:      0          0          0          0          0
  File hit submission limit:    0          0          0          0          0

Advanced-anti-malware email statistics:
                            Total      SMTP       SMTPS
  Email processed:          0          0          0
  Email permitted:          0          0          0
  Email blocked:            0          0          0
  Email tag-and-delivered:  0          0          0
  Email quarantined:        0          0          0
  Email fallback blocked:   0          0          0
  Email fallback permitted: 0          0          0
  Email hit whitelist:      0          0          0
  Email hit blacklist:      0          0          0

test@vSRX-LAB> show services advanced-anti-malware status
Server connection status:
  Server hostname: srxapi.eu-west-1.sky.junipersecurity.net
  Server port: 443
    Control Plane:
      Connection time: 2017-09-06 00:44:33 MYT
      Connection status: Connected
    Service Plane:
      fpc0
        Connection active number: 1
        Connection retry statistics: 88

test@vSRX-LAB> show configuration services advanced-anti-malware
connection {
    url https://srxapi.eu-west-1.sky.junipersecurity.net;
    authentication {
        tls-profile aamw-ssl;
    }
}
policy aamw_policy1 {
    http {
        inspection-profile default_profile;
        action permit;
        notification {
            log;
        }
    }
    verdict-threshold recommended;
}

test@vSRX-LAB> show configuration security policies from-zone LAN-SEGMENT to-zone UNTRUST-INTERNET
policy TEST-ANTI-SPAM {
    match {
        source-address any;
        destination-address any;
        application junos-smtp;
    }
    then {
        permit {
            application-services {
                utm-policy mix-policy;
            }
        }
    }
}
policy PERMIT-ALL {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit {
            application-services {
                idp;
                utm-policy mix-policy;
                application-firewall {
                    rule-set Apps-Secure;
                }
                security-intelligence-policy secintel-policy1;
                advanced-anti-malware-policy aamw_policy1;
            }
        }
        log {
            session-init;
            session-close;
        }
    }
}
policy DENY-ALL {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        deny;
    }
}
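
One way to read the counters posted above when checking whether the vSRX is handing files to Sky ATP, as an added example that is not part of the original thread or of Juniper's tooling: it parses the show services advanced-anti-malware output and lists what the counters say. The function names and the wording of the findings are assumptions of this example; the sample text is trimmed from the output in the post.

```python
# Constructed sample: trimmed from the CLI output posted in this thread.
SAMPLE = """\
  Session interested:    59
                         Total      HTTP       HTTPS      SMTP       SMTPS
  Session blocked:       0          0          0          0          0
  Session permitted:     5          5          0          0          0
                                Total      HTTP       HTTPS      SMTP       SMTPS
  File submission success:      0          0          0          0          0
  File submission failure:      0          0          0          0          0
  File submission not needed:   5          5          0          0          0
  File verdict meets threshold: 0          0          0          0          0
      Connection status: Connected
"""

def parse_aamw(text):
    """Return {label: int | str | {column: int}} parsed from the CLI text."""
    out, cols = {}, []
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if ":" not in s:              # column header row: Total HTTP HTTPS ...
            cols = s.split()
            continue
        label, _, value = s.partition(":")
        fields = value.split()
        if len(fields) > 1 and all(f.isdigit() for f in fields):
            out[label] = dict(zip(cols, map(int, fields)))
        elif fields:                  # single counter or a text value
            out[label] = int(fields[0]) if value.strip().isdigit() else value.strip()
    return out

def integration_findings(stats):
    """Plain readings of the counters; the wording is this example's own."""
    zero, findings = {"Total": 0}, []
    if stats.get("Connection status") != "Connected":
        findings.append("control plane not connected")
    if sum(stats.get(k, zero)["Total"] for k in
           ("File submission success", "File submission failure")) == 0:
        findings.append("no file submission attempted")
    if stats.get("File verdict meets threshold", zero)["Total"] == 0:
        findings.append("no verdict met threshold")
    seen, blocked = stats.get("Session permitted", {}), stats.get("Session blocked", {})
    idle = [p for p in seen if p != "Total" and seen[p] + blocked.get(p, 0) == 0]
    if idle:
        findings.append("no inspected sessions: " + ",".join(idle))
    return findings

print(integration_findings(parse_aamw(SAMPLE)))
```

On the posted counters this reports a connected control plane, no file submission, and inspected sessions on HTTP only, which matches aamw_policy1 containing only an http block.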


Re: Sky ATP with vSRX guide?

‎09-06-2017 03:29 PM

You can add SkyATP reports to the dashboard here.

https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/task/operational/sky-...

I'm not sure what you mean by simulate; are you looking to have simulated attacks to detect?

I'm not aware of that being available.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home