I try to enroll SRX device with SkyATP .
But there is an error shown "error: [Error] Enrollment failed when communicating with cloud. Device has no license"
How I solve it?
The License was installed on SRX three days ago. This output as below
Time check : [OK]
[INFO] Try to get IP address for hostname amer.sky.junipersecurity.net
DNS check : [OK]
[INFO] Try to test SKYATP server connectivity
SKYATP reachability check : [OK]
[INFO] Try ICMP service in SKYATP
SKYATP ICMP service check : [OK]
[INFO] To-SKYATP connection is using ge-0/0/3.0, according to route
Interface configuration check : [OK]
Outgoing interface MTU is default value
[INFO] Check IP MTU with length 1472
IP Path MTU check : [OK]
IP Path MTU is 1472
SSL configuration consistent check : [Failure]
No SSL profile is configured for Advanced Anti-malware
"SSL configuration consistent check : [Failure]
No SSL profile is configured for Advanced Anti-malware"
SSL configuration consistency—Verifies that the SSL profile, client certificate and CA
exists in both the RE and the PFE
hence, pl follow the kb mentioned to create the SSL config, profile and Client cert with CA.
After I configured the SSL profile
I still face the same issues.
Is SSL profile nessessary for enroll SRX with SkyATP?
I think, SSL profile will be used when we need to detect the malware only
you will be needing it while detecting malware in ssl based encryped traffc.
can you paste your configuration?
Similar problem also for me... unbelivable these problems for SkyATP connection..... :-|
Any help for me?
root@vSRX-xxxxxxxxxxx_SERVER> op url https://euapac.sky.junipersecurity.net/v1/skyatp/ui_api/bootstrap/enroll/4o14glhh4tq9hl6h/xxxxxxxxxxxxxbx.slax Platform is supported by Sky ATP: VSRX. License found with name: Sky ATP. Enrolling with Sky ATP license serial number: xxxxxxxxxxxx. Version JUNOS Software Release [17.3R1.10] is valid for bootstrapping. Going to enroll single device for VSRX: xxxxxxxxx@xxxxxxxx with hostname vSRX-xxxx_SERVER. Application Signature DB version on this device is: 3062. Using latest version of Application Signature DB is recommended. [WARNING] Customized security-intelligence connection configurations detected. No changes will be made on existing security-intelligence configurations. [WARNING] If you would like to enroll this device to Sky ATP cloudfeeds, please remove your customized security-intelligence URL and authentication configurations. Remove related advanced-anti-malware service configurations... Remove related SSL service configurations... Remove related PKI configurations... Clear local certificate aamw-srx-cert... Clear key pair: aamw-srx-cert... Clear CA profile aamw-cloud-ca... Clear CA profile aamw-secintel-ca... Configure CA... Request aamw-secintel-ca CA... Wait aamw-secintel-ca CA download status... Load aamw-secintel-ca CA... Request aamw-cloud-ca CA... Wait aamw-cloud-ca CA download status... Load aamw-cloud-ca CA... Retrieve CA profile aamw-ca... CA certificate ready: aamw-ca... CA certificate ready: aamw-cloud-ca... CA certificate ready: aamw-secintel-ca... Generate key pair: aamw-srx-cert... Communicate with cloud... error: [Error] Enrollment failed when communicating with cloud. Device has no license: xxxxxxxxxxx@xxxxxxxxxxxxx Please contact JTAC for help.
License is active and just installed...
SkyATP in the cloud is logged in... :-\
I don't know in any way....
Many regards in advance
Juniper Networks’ User Experience team is conducting user research on Sky Advanced Threat Prevention (Sky ATP). To ensure that we build a simple, reliable, and efficient interface, we need your input. If you have experience with SkyATP, please join our study.
To participate in the study, please select a convenient time!
User Experience Researcher | Juniper Networks
Can you tell me if the Sky ATP license is evaluation or a demo license?
What is the output of diagnostic commands that the originator of this thread posted?
Problem has been solved with collaboration of jtac.
Because they "manually update their skyATP infrastracture" to allow my SRX to be enrolled.
In some of these case then..... only JTAC can help