SRX Services Gateway

Sky ATP config. advice

‎10-10-2019 07:39 AM

I have been working through the quick start instructions for configuring Sky ATP (free tier). I have used the following for reference:
1. https://www.juniper.net/documentation/en_US/release-independent/sky-atp/information-products/topic-c...

2. https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/topic-map/sky-atp-qui...

3. https://www.juniper.net/documentation/en_US/release-independent/sky-atp/information-products/topic-c...
Whilst articles 1 and 2 are essentially the same, 3 does differ. I have tried to reconcile the example configurations and have come up with the following:
set services advanced-anti-malware policy aamw_policy verdict-threshold recommended
set services advanced-anti-malware policy aamw_policy http action permit notification log
set services advanced-anti-malware policy aamw_policy http inspection-profile default_profile

set services security-intelligence profile secintel_profile category Infected-Hosts
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 10
set services security-intelligence profile secintel_profile rule secintel_rule then action block drop
set services security-intelligence policy secintel_policy Infected-Hosts secintel_profile

set security policies from-zone Trust to-zone Untrust policy 1 match source-address any
set security policies from-zone Trust to-zone Untrust policy 1 match destination-address any
set security policies from-zone Trust to-zone Untrust policy 1 match application any
set security policies from-zone Trust to-zone Untrust policy 1 then permit application-services advanced-anti-malware-policy aamw_policy
set security policies from-zone Trust to-zone Untrust policy 1 then permit application-services security-intelligence-policy secintel_policy
One line, i.e. set services security-intelligence profile secintel_profile rule secintel_rule then action block drop, is different from the other 2 articles, which list the action as permit, i.e. the exact opposite. Which one is it?
Apart from the difference highlighted above, how does this config look for people who have been through this pain already?
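
A small lint pass over the set statements, added here as an example and not part of the original post or of any Juniper tooling: it tokenises the "set" lines quoted above, checks that every advanced-anti-malware-policy and security-intelligence-policy referenced from the security policy is actually defined, checks that the security-intelligence policy names a defined profile whose category matches, and prints the terminal action of each security-intelligence rule so a "block drop" versus "permit" difference between the reference articles is visible before commit. It only understands the statement shapes that appear in the post (assumption), and it does not decide which action is right; it only surfaces what is configured.

```python
"""Lint Junos 'set' statements for Sky ATP / SecIntel wiring before commit.

Added example, not from the original post or from Juniper. Assumption: the
config uses exactly the statement shapes shown in the post (advanced-anti-malware
policy, security-intelligence profile/policy, security policy with
application-services).
"""
import shlex

# Constructed sample input: the 'set' lines quoted in the post above.
SAMPLE_CONFIG = """\
set services advanced-anti-malware policy aamw_policy verdict-threshold recommended
set services advanced-anti-malware policy aamw_policy http action permit notification log
set services advanced-anti-malware policy aamw_policy http inspection-profile default_profile
set services security-intelligence profile secintel_profile category Infected-Hosts
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 10
set services security-intelligence profile secintel_profile rule secintel_rule then action block drop
set services security-intelligence policy secintel_policy Infected-Hosts secintel_profile
set security policies from-zone Trust to-zone Untrust policy 1 match source-address any
set security policies from-zone Trust to-zone Untrust policy 1 match destination-address any
set security policies from-zone Trust to-zone Untrust policy 1 match application any
set security policies from-zone Trust to-zone Untrust policy 1 then permit application-services advanced-anti-malware-policy aamw_policy
set security policies from-zone Trust to-zone Untrust policy 1 then permit application-services security-intelligence-policy secintel_policy
"""


def parse_set_lines(text):
    """Return one token list per 'set ...' statement; other lines are ignored."""
    stmts = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("set "):
            stmts.append(shlex.split(line)[1:])
    return stmts


def lint(text):
    """Return {'findings': [...], 'rule_actions': {...}} for the given set-config text."""
    aamw_policies = set()
    profiles = {}           # profile name -> {"category": str|None, "rules": {rule: action|None}}
    secintel_policies = {}  # policy name -> (category, profile name)
    aamw_refs = []          # (security policy label, referenced aamw policy)
    secintel_refs = []      # (security policy label, referenced secintel policy)

    for t in parse_set_lines(text):
        if t[:3] == ["services", "advanced-anti-malware", "policy"]:
            aamw_policies.add(t[3])
        elif t[:3] == ["services", "security-intelligence", "profile"]:
            prof = profiles.setdefault(t[3], {"category": None, "rules": {}})
            rest = t[4:]
            if rest[:1] == ["category"]:
                prof["category"] = rest[1]
            elif rest[:1] == ["rule"]:
                prof["rules"].setdefault(rest[1], None)   # seen, action may come later
                if rest[2:4] == ["then", "action"]:
                    prof["rules"][rest[1]] = " ".join(rest[4:])
        elif t[:3] == ["services", "security-intelligence", "policy"]:
            secintel_policies[t[3]] = (t[4], t[5])
        elif t[:2] == ["security", "policies"] and "application-services" in t:
            label = " ".join(t[2:t.index("then")])   # "from-zone ... policy N"
            i = t.index("application-services")
            kind, name = t[i + 1], t[i + 2]
            if kind == "advanced-anti-malware-policy":
                aamw_refs.append((label, name))
            elif kind == "security-intelligence-policy":
                secintel_refs.append((label, name))

    findings = []
    for label, name in aamw_refs:
        if name not in aamw_policies:
            findings.append(f"{label}: advanced-anti-malware-policy {name} is not defined")
    for label, name in secintel_refs:
        if name not in secintel_policies:
            findings.append(f"{label}: security-intelligence-policy {name} is not defined")
    for pol, (category, prof_name) in secintel_policies.items():
        prof = profiles.get(prof_name)
        if prof is None:
            findings.append(f"security-intelligence policy {pol}: profile {prof_name} is not defined")
        elif prof["category"] != category:
            findings.append(f"security-intelligence policy {pol}: category {category} "
                            f"but profile {prof_name} is category {prof['category']}")

    rule_actions = {}
    for prof_name, prof in profiles.items():
        for rule, action in prof["rules"].items():
            rule_actions[f"{prof_name}/{rule}"] = action
            if action is None:
                findings.append(f"profile {prof_name} rule {rule} has no 'then action'")
    return {"findings": findings, "rule_actions": rule_actions}


if __name__ == "__main__":
    result = lint(SAMPLE_CONFIG)
    for key, action in result["rule_actions"].items():
        print(f"rule {key}: then action {action}")
    for f in result["findings"] or ["no dangling references found"]:
        print(f)
```

Run it against the pasted set lines (or `show configuration | display set` output) before committing; a typo in a policy name shows up as a "not defined" finding, and the rule_actions line tells you at a glance whether the Infected-Hosts rule you committed ends in "block drop" or "permit".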


Re: Sky ATP config. advice

‎10-14-2019 12:40 AM

Is this the right forum to be asking about Sky ATP? Is there somewhere else I could try?
