To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
In this article, you will find out how to configure Juniper SRX Firewall to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.
Requirements
- A valid license for Juniper Firewall
- Standard License or above
- Juniper SSL proxy support
- All public certificates must be manually imported
- An active Lumu Defender subscription
Add Integration
1. Log in to your Lumu account through the Lumu Portal and navigate to the Integrations screen. Locate the Juniper SRX Firewall integration in the available apps area and click to add, then click to view details.
2. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
3. To generate the integration URL, you must add a description and select the threat types you want to include in the list. Now, create the integration.
4. Once you create the integration, you will be provided with the Integration URL:
Set Up Juniper Firewall via Juniper Policy Enforcer
If you are using Juniper Policy Enforcer, you only need to add the Lumu integration URL obtained in the previous step to your Firewall’s policies as a custom feed by following the instructions provided in this guide by Juniper. This concludes the integration procedure.
If you do not have Juniper Policy Enforcer available to complete the Juniper SRX Firewall OOTB response integration, you can carry out this procedure using a tool provided by Lumu. Below, you will find the required steps to complete this integration procedure.
The Juniper Firewall Out-of-the-box response integration is carried out via Local Web Filtering provided by Unified Threat Management (UTM). If you wish to learn more about Web Filtering, refer to Juniper's official documentation.
J-Web Super-User Creation
1. First, you must select Device Administration
2. In this section, select the User Management subsection
3. Once there, select the plus “+” button
4. A new form will appear which will allow you to create the new “super-user” required for the procedure. Enter all the required information. To learn more about this procedure and its parameters, refer to Juniper’s official documentation.
5. Now, you must enable the appropriate authentication method for this user, in this case the password authentication method.
6. Once set, a new commit will be created to save the configuration. Follow the provided instructions.
7. When this submenu appears, select Commit Configuration as instructed:
8. Wait for the configuration to be set and for the changes to be saved. You will see the following confirmation.
Junos Configuration
To add SSL proxy support, you must manually import all the public certificates maintained by the Mozilla Foundation. Download the full pem package, then extract the Mozilla CA certificates. After pushing the package to the Firewall (you can use your preferred SCP client), access the Firewall using SSH and issue the following commands:
root@:~ # cli
root> request security pki ca-certificate ca-profile-group load ca-group-name ca-manual filename /var/tmp/firefox-all.pem
Now, it is time to use the Lumu Juniper SRX Integration Tool. In the links below, you can find different repositories where the required code and instructions are provided. You can choose the one that best fits your needs and run the code using the tool that you prefer.
- Source Code repository
- Docker Hub repository
Juniper Further Steps
After running the integration tool and activating the integration for the first time, you will have a new Web Filtering Profile called lumu-detections. You need to use this profile inside a new or existing UTM Policy. This UTM policy must be used within the Security Policy found in the Advanced Security options.
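
The steps above, expressed as Junos CLI commands. This is an added example, not taken from Lumu's or Juniper's documentation; the UTM policy name lumu-utm, the security policy name outbound-web and the zones trust and untrust are assumptions, and only the profile name lumu-detections comes from this article.

```junos
# Added example (constructed). Assumed names, replace with your own:
#   lumu-utm        UTM policy
#   outbound-web    security policy
#   trust/untrust   source and destination zones
# The lumu-detections profile must already exist (created by the
# integration tool on its first run).

configure

# 1. UTM policy that applies the Lumu Web Filtering profile to HTTP traffic.
set security utm utm-policy lumu-utm web-filtering http-profile lumu-detections

# 2. Security policy that permits outbound traffic and hands it to the
#    UTM policy, so requests to listed destinations are filtered.
set security policies from-zone trust to-zone untrust policy outbound-web match source-address any
set security policies from-zone trust to-zone untrust policy outbound-web match destination-address any
set security policies from-zone trust to-zone untrust policy outbound-web match application any
set security policies from-zone trust to-zone untrust policy outbound-web then permit application-services utm-policy lumu-utm

# 3. Review the pending change, validate it, then commit and leave
#    configuration mode.
show | compare
commit check
commit and-quit

# 4. Operational mode: confirm Web Filtering is running and that the
#    security policy references the UTM policy.
show security utm web-filtering status
show security utm web-filtering statistics
show security policies policy-name outbound-web detail
```

If an existing security policy already permits the traffic you want filtered, add only the `application-services utm-policy` line to that policy instead of creating a new one, and check policy ordering so the UTM-enabled policy is matched first.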