All-in-One Quick Start Guide
Published
2020-11-11
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
408-745-2000 www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
All-in-One Quick Start Guide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
About the Documentation
  Documentation and Release Notes
  Documentation Conventions
  Documentation Feedback
  Requesting Technical Support
    Self-Help Online Tools and Resources
    Creating a Service Request with JTAC
1 All-in-One Quick Start Guide
  Overview
  Manager of Central Managers (MCM)
  Extensible Installations
    Firewall & Management Network Interface Connectivity
  Installing the Juniper ATP Appliance All-in-One Hardware Appliance
    To Install the Juniper ATP Appliance Server
  Configuring the Juniper ATP Appliance All-in-One System
    Logging into the Juniper ATP Appliance All-in-One CLI
  Changing the Appliance Type
  FIPS Mode Overview
    Enable FIPS Mode
    Reset Passwords and Keys
  Setting the Same Device Key Passphrase on all Juniper ATP Appliance Devices
  Verifying Configurations
  Accessing the Juniper ATP Appliance Central Manager Web UI
    To Log in to the Central Manager Web UI
  Setting SSH Honeypot Detection
  Resetting the Administrator Password using CLI
IN THIS SECTION
Documentation and Release Notes
Documentation Conventions
Documentation Feedback
Requesting Technical Support
Use this guide to install and configure the JATP All-in-One system for inspecting network traffic and analyzing potential malware threats.
To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
Table 1 on page v defines notice icons used in this guide.
Table 1: Notice Icons

| Icon | Meaning | Description |
|---|---|---|
| | Informational note | Indicates important features or instructions. |
| | Caution | Indicates a situation that might result in loss of data or hardware damage. |
| | Warning | Alerts you to the risk of personal injury or death. |
| | Laser warning | Alerts you to the risk of personal injury from a laser. |
| | Tip | Indicates helpful information. |
| | Best practice | Alerts you to a recommended use or implementation. |
Table 2 on page v defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions

| Convention | Description | Examples |
|---|---|---|
| Bold text like this | Represents text that you type. | To enter configuration mode, type the configure command: user@host> configure |
| Fixed-width text like this | Represents output that appears on the terminal screen. | user@host> show chassis alarms No alarms currently active |
| Italic text like this | • Introduces or emphasizes important new terms. • Identifies guide names. • Identifies RFC and Internet draft titles. | • A policy term is a named structure that defines match conditions and actions. • Junos OS CLI User Guide • RFC 1997, BGP Communities Attribute |
| Italic text like this | Represents variables (options for which you substitute a value) in commands or configuration statements. | Configure the machine’s domain name: [edit] root@# set system domain-name domain-name |
| Text like this | Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components. | • To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. • The console port is labeled CONSOLE. |
| < > (angle brackets) | Encloses optional keywords or variables. | stub <default-metric metric>; |
| \| (pipe symbol) | Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity. | broadcast \| multicast (string1 \| string2 \| string3) |
| # (pound sign) | Indicates a comment specified on the same line as the configuration statement to which it applies. | rsvp { # Required for dynamic MPLS only |
| [ ] (square brackets) | Encloses a variable for which you can substitute one or more values. | community name members [ community-ids ] |
| Indention and braces ( { } ) | Identifies a level in the configuration hierarchy. | [edit] routing-options { static { route default { nexthop address; retain; } } } |
| ; (semicolon) | Identifies a leaf statement at a configuration hierarchy level. | [edit] routing-options { static { route default { nexthop address; retain; } } } |
| GUI Conventions | | |
| Bold text like this | Represents graphical user interface (GUI) items you click or select. | • In the Logical Interfaces box, select All Interfaces. • To cancel the configuration, click Cancel. |
| > (bold right angle bracket) | Separates levels in a hierarchy of menu selections. | In the configuration editor hierarchy, select Protocols>Ospf. |
We encourage you to provide feedback so that we can improve our documentation. You can use either of the following methods:
• Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper Networks TechLibrary site, and do one of the following:
  • Click the thumbs-up icon if the information on the page was helpful to you.
  • Click the thumbs-down icon if the information on the page was not helpful to you or if you have suggestions for improvement, and use the pop-up form to provide feedback.
• E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable).
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active Juniper Care or Partner Support Services support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:
• Find CSC offerings: https://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: https://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
• Download the latest versions of software and review release notes: https://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/communities/
• Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
You can create a service request with JTAC on the Web or by telephone.
• Visit https://myjuniper.juniper.net.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see https://support.juniper.net/support/requesting-support/.
CHAPTER 1
Overview
Manager of Central Managers (MCM)
Extensible Installations
Installing the Juniper ATP Appliance All-in-One Hardware Appliance
Configuring the Juniper ATP Appliance All-in-One System
Changing the Appliance Type
FIPS Mode Overview
Setting the Same Device Key Passphrase on all Juniper ATP Appliance Devices
Verifying Configurations
Accessing the Juniper ATP Appliance Central Manager Web UI
Setting SSH Honeypot Detection
Resetting the Administrator Password using CLI