Juniper SRX Firewall Out-of-the-box Response Integration

To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.

In this article, you will find out how to configure Juniper SRX Firewall to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.

Requirements

  1. A valid license for Juniper Firewall
    1. Standard License or above
  2. Juniper SSL proxy support
    1. All public certificates must be manually imported
  3. An active Lumu Defender subscription

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the Integrations screen. Locate the Juniper SRX Firewall integration in the available apps area and click to add, then click to view details.

2. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.

3. To generate the integration URL, you must add a description and select the threat types you want to include in the list. Now, create the integration.

4. Once you create the integration, you will be provided with the Integration URL:

Setup Juniper Firewall via Juniper Policy Enforcer

If you are using Juniper Policy Enforcer, you only need to add the Lumu integration URL obtained in the previous step to your Firewall’s policies as a custom feed, following the instructions provided in this guide by Juniper. This concludes the integration procedure.

Setup Juniper Firewall via Lumu Integration Tool

If you do not have Juniper Policy Enforcer available to complete the Juniper SRX Firewall OOTB response integration, you can carry out this procedure using a tool provided by Lumu. Below, you will find the required steps to complete this integration procedure.

The Juniper Firewall Out-of-the-box response integration is carried out via Local Web Filtering provided by Unified Threat Management (UTM). If you wish to learn more about Web Filtering, refer to Juniper's official documentation.

J-Web Super-User Creation

1. First, you must select Device Administration.

2. In this section, select the User Management subsection.


3. Once there, select the plus “+” button.


4. A new form will appear which will allow you to create the new “super-user” required for the procedure. Enter all the required information. To learn more about this procedure and its parameters, refer to Juniper’s official documentation.


5. Now, you must enable the appropriate authentication method for this user, in this case the password authentication method.


6. Once set, a new commit will be created to save the configuration. Follow the provided instructions. 


7. A submenu will appear; select Commit Configuration as instructed:


8. Wait for the configuration to be set and for the changes to be saved. You will see the following confirmation.


Junos Configuration

To add SSL proxy support, you must manually import all the public certificates maintained by the Mozilla Foundation. Download the full PEM package and extract the Mozilla CA certificates. After pushing the package into the Firewall (you can use your preferred SCP client), access the Firewall using SSH and issue the following commands:

root@:~ # cli
root> request security pki ca-certificate ca-profile-group load ca-group-name ca-manual filename /var/tmp/firefox-all.pem

Lumu Juniper SRX Integration Tool

Now, it is time to use the Lumu Juniper SRX Integration Tool. In the links below, you can find different repositories where the required code and instructions are provided. You can choose the one that best fits your needs and run the code using the tool that you prefer. 
  1. Source Code repository
  2. Docker Hub repository

Juniper Further Steps

After running the integration tool and activating the integration for the first time, you will have a new Web Filtering Profile called lumu-detections. You need to reference this profile in a new or existing UTM Policy. That UTM policy must then be applied to the Security Policy, under its Advanced Security options.
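
The same attachment expressed as Junos CLI configuration-mode commands, as an added example that is not part of the original article or of the Lumu tool. Only the profile name lumu-detections comes from this article; the UTM policy name lumu-utm-policy, the security policy name allow-outbound and the zones trust and untrust are assumptions, and the commands assume a Junos release that uses the security utm hierarchy.

```junos
# Run in configuration mode (cli, then configure).
# Assumed names: lumu-utm-policy, allow-outbound, zones trust/untrust.
# lumu-detections is the Web Filtering Profile created by the integration tool.

# 1. Reference the Lumu web filtering profile from a UTM policy.
set security utm utm-policy lumu-utm-policy web-filtering http-profile lumu-detections

# 2. Apply the UTM policy to the security policy that permits outbound traffic.
set security policies from-zone trust to-zone untrust policy allow-outbound match source-address any
set security policies from-zone trust to-zone untrust policy allow-outbound match destination-address any
set security policies from-zone trust to-zone untrust policy allow-outbound match application any
set security policies from-zone trust to-zone untrust policy allow-outbound then permit application-services utm-policy lumu-utm-policy

# 3. Review the change, validate it, and commit with automatic rollback
#    unless it is confirmed within 5 minutes.
show | compare
commit check
commit confirmed 5
commit

# 4. Confirm the UTM policy is attached and that web filtering is processing requests.
run show security policies policy-name allow-outbound detail
run show security utm web-filtering statistics
```

If an existing security policy already permits the outbound traffic, only the last set line of step 2 is needed, with that policy's name and zones substituted.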
