Configuration

WAN Edge for SRX Platforms – Configuration Video Series

I’ll be walking you through a series of videos in the form of detailed configuration guides for our Mist AI driven SD1 solution supporting the SRX platforms. Okay, So I have divided these guides into two main parts. Part one is going to be an overview. We’re going to look at the network topology and...

Configure Sites and Variables

Go to Organization -> Site Configuration. We will configure 5 sites with the names depicted below. Make sure that in each Site you configure the root password for Switch and WAN-Router Management! Be sure to populated the root password for WAN Edges and Switches in the Site. The moment you activate a device to be...

Applications

  Applications For users to access applications, we will first define the Applications and then use Application Policies to permit or deny access.   Let’s now have a look how we can define Applications.   Go to Organization -> Applications.       In Mist WAN Assurance, we can define Applications in 3 ways: Custom...

Networks

During our WAN Design, we will create Networks that can later be used in Application Policies to access applications.   A Network is defined with: a unique Network Name Subnet IP/Prefix VLAN (optional) plus a list of options The Subnet IP/Prefix and VLAN can be defined with absolute values (e.g. 192.168.50.0/24, VLAN 50) or more...

Application Policies

    Application Policies (aka Security Policies) define who can access the Applications. Once we have created the Networks, Applications and Steering Profiles, we can combine all this in the Application Policies to define who has access to the Applications (or who has not), the selected paths for the traffic in Overlay and Underlay and...

SRX Hub Profiles

Create configuration for the two Hubs Warning It is mandatory (and a good practice anyway) that you create the configuration for all Hubs BEFORE the Spoke Templates. Create Hub Profile for first Hub Go to Organization -> Hub Profiles Note You can avoid the work creating this Profile if you simply import the shared JSON,...

SRX WAN Edge Templates

Go to Organization -> WAN Edge Templates. Note You can avoid the work creating this Template if you simply import the shared JSON discussed in other reference documentation. Remember you must do the Site assignments after this. Create your entire Spoke Template via GUI. Click on “Create Template” We create the Template for our Spokes....

Assign Spoke Templates to Sites

We go back to the Spoke Template and “Assign to Sites”. Then select only the three “spokeX-site” and “Apply”. The result should indicate 3 Sites (the wan edges change when devices get assigned the these) Onboard your Devices Now it’s time to use the Claim or Adopt Method to onboard the devices and see them...

Secure Edge Connector

  The AI Driven SD-WAN Secure Edge Connector (SEC) can provide connectivity to many SASE providers. This provides a simple augmentation of on-box IDS and URL filtering services.  The SEC provides simplified workflows for Juniper SASE, Zscaler as well as additional providers though the custom option.    Juniper Secure Edge is an advanced Security Scanner...

IDP-based threat detection

Before you start you will see IDP not activated independently if you already have the license deployed on it or not. Mist Cloud will handle downloading of signatures and enabling the IDP features. Intrusion detection is the process of monitoring the events occurring in your network and analyzing them for signs of possible incidents, violations,...

How to Enable App Visibility

This article explains how to enable or disable the App Visibility features at the gateway level and site level. Prerequisites to Enable App Visibility 1. Ensure that the SRX has the AppSecure license installed This information can be obtained from the SRX front panel on the Mist UI   Use of Log Source IP address/Interface...

SRX Service Status Feature

Feature Overview With the help of this feature you can monitor the service status of following in any of the SRX: EWF IDP App_Secure The following services on an SRX – showcase if configured: Whether the licenses are present Status of Service Status of all the features will look like following : "service_status": { "idp_status":...

Upgrading WAN Edge SRX

WAN Edge devices connected to Mist can be upgraded from the cloud. To schedule a device to download and upgrade to a specified version, navigate to your WAN Edge device page. From the utilities menu, select ‘Upgrade Firmware’ to initiate the upgrade operation. In the ‘Upgrade device firmware’ screen, there are several options for upgrading...