Juniper NETWORKS Advanced Threat Prevention Appliances User Guide

: June 15, 2024
: JUNIPER NETWORKS

Table of Contents

Juniper NETWORKS Advanced Threat Prevention Appliances
Table of Contents
Introduction to ATP Appliance
Cover page
Software Highlights
New and Changed Features
New and Changed Features
Documentation Updates
Software Installation and Upgrade Notes
Software Upgrades
Resolved Issues
Known Behavior
References
Read User Manual Online (PDF format)
Download This Manual (PDF format)

Juniper NETWORKS Advanced Threat Prevention Appliances

Specifications

Product Name: Juniper Advanced Threat Prevention Appliances
Release Version: 5.0.9
Published Date: 2023-12-01

Juniper Advanced Threat Prevention Appliances Release 5.0.9

Introduction to ATP Appliance

The Juniper Networks®Advanced Threat Prevention Appliances (ATP Appliances) provide continuous, multistage detection and analysis of Web, e-mail, and lateral spread traffic moving through the network. ATP Appliances collect information from multiple attack vectors by using advanced machine learning and behavioral analysis technologies to identify advanced threats in as little as 15 seconds.
Those threats are then combined with data collected from other security tools in the network, analyzed, and correlated, creating a consolidated timeline view of all malware events related to an infected host. After threats are identified, one-touch policy updates are pushed to inline tools to protect against a recurrence of advanced attacks.

Cover page

IN THIS SECTION

Software Highlights | 1

Software Highlights

Logical systems support for SRX Series Firewall
Unified logging
Extended Positive Hit Advanced Strike Engine (PHASE) database support

New and Changed Features

IN THIS SECTION

New and Changed Features |
2 Documentation Updates | 3

New and Changed Features

Logical systems support

We now support logical systems for SRX Series Firewall in the Juniper ATP Appliance portal. To configure logical systems, log in to the Juniper ATP Appliance portal, enroll the SRX Series Firewall with the ATP Appliance, and configure the SRX Series Firewall for the logical systems.

[See Configure Logical Systems.]

Unified logging
Juniper ATP Appliance can now send action and event logs to the SRX Series Firewall.

Extended PHASE database support

We now support extended Positive Hit Advanced Strike Engine (PHASE) database for Juniper ATP Appliance. This support is available for all three types of PHASE databases – hot db, complementary hot db and full db.

Support for TLS version 1.2

We now support Transport Layer Security (TLS) version 1.2 for Juniper ATP Appliance.

Documentation Updates

Rebranding of Juniper Networks® Advanced Threat Prevention Appliances (ATP Appliances)—Juniper Networks® Advanced Threat Prevention (JATP) Appliance is now referred as ATP Appliance and vJATP as ATP Virtual Appliance.

Software Installation and Upgrade Notes

IN THIS SECTION

Software Upgrades—ATP Appliance
Private Mode | 3 Software Upgrades | 3

Software Upgrades—ATP Appliance Private Mode

In Private Mode, you must upgrade ATP Appliances manually. See the Juniper Advanced Threat Prevention Appliance—Private Mode Guide for details.

Software Upgrades

Software upgrades to the ATP Appliances occur automatically. The appliance checks for new software and content updates every day at regular intervals, and automatically applies those updates. See the Operator’s Guide for details.

NOTE

Unless you are using ATP in Private Mode, you should not perform a manual software upgrade of the ATP Appliances. If you want a particular software version installed on the appliance, contact Juniper Networks Technical Assistance Center (JTAC) for assistance.
For existing installations, ISO files posted to Juniper.net should be used only to recover from critical failures under exceptional circumstances with the guidance of JTAC or a sales engineer.

Resolved Issues

There are no bug fixes in this release for Juniper ATP Appliance.

Known Behavior

This section lists information about product behavior for the hardware and software of ATP Appliances.

When integrating ATP Appliances with an SRX Series device, you cannot use fxp0 interfaces to communicate with ATP Appliances. You must use a separate revenue interface. See the JATP and SRX Series Integration Guide for details.
Backup and Restore is only for the Web UI configuration and does not include all incidents and events.
Alerts are private and are visible only to the user who created them. In addition to the author, you can create additional users (or groups) who can view these private alerts. These users (or groups), users can view unexpected alerts that are not visible in their own views.
ATP virtual appliances do not have VMware tools installed. You must power off the appliance for migration and/or cloning by using the CLI.
Alerts for command-and-control (C&C) traffic are sent only at initial occurrence to avoid alert fatigue.
The system does not enforce resource requirements for disk, RAM, and CPU. Although installations with limited resources might initially work, they eventually exhibit issues.
Both ATP Appliance Core and All-in-One devices require Internet access. Other products might report a health alert for ‘Internet’; You can disregard those alerts.
You can deploy ATP appliances as an e-mail collector. There is no separate orderable SKU for this deployment. You can repurpose any of the ATP appliances for this function.

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Copyright © 2023 Juniper Networks, Inc. All rights reserved.