Menu
HPE ArcSight Connector supported platform for installation. What is SecureConnector.exe? SecureConnector.exe is digitally signed by ForeScout Technologies Inc. Did you install it yourself or did it come bundled with some other software? ForeScout install on the machine. Depending on your Internet Explorer settings. Installing the Collector.
ON THIS PAGE
This topic provides instructions on how to integratethe third-party device ForeScout CounterACT with Juniper NetworksConnected Security solution to remediate threats from infected hostsfor enterprises. ForeScout CounterACT is an agentless security appliancethat dynamically identifies and evaluates network endpoints and applicationsthe instant they connect to your network. CounterACT applies an agentlessapproach and integrates with Juniper Connected Security to block orquarantine infected hosts on Juniper Networks’ devices, third-partyswitches, and wireless access controllers with or without 802.1x protocolintegration.
To integrate ForeScout CounterACT with Juniper Connected Security,you must create a connector in Policy Enforcer that enables CounterACTto connect to your secure fabric and create policies for CounterACT.Before you configure the ForeScout CounterACT connector, you mustensure that ForeScout CounterACT is installed and running with theOpen Integration Module (OIM). The ForeScout OIM consists of two plug-ins:Data Exchange (DEX) and Web API. Install both the plug-ins and ensurethat they are running. You must configure these plug-ins before youcreate a connector in Policy Enforcer.
If you do not have ForeScout CounterACT installed in your network,obtain an evaluation copy from here.
This topic includes the following sections:
Configuring the DEX Plug-in
The DEX plug-in receives API information about infected hostsfrom the ForeScout CounterACT connector. Messages from infected hostsare either blocked or quarantined.
When you configure the DEX plug-in, you also configure a newproperty, Test, for DEX. When configured, this property ensures thatWeb services are available for Policy Enforcer, monitors the networkstatus, and validates usernames and passwords.
- Select Options > CounterACTWeb Services > Add.The Add page appears.
- In theName field, enter the name for the CounterACT Web service account.Enter this name in the DEX User Role field (see Step 3) whileconfiguring the ForeScout connector in Security Director.
- In the Description field, enter a brief description ofthe purpose of the Web service account.
- In theUsername field, enter the username that will be used to authorizeCounterACT to access the Web service account.
- In thePassword field, enter the password that will be used to authorizeCounterACT to access this Web service account.
- Click Add.The General pane of the Add Property from CounterACT Web Servicewizard opens, as shown in Figure 2.
- Add properties such as block, quarantine, and Test, asshown in Figure 3. You must include the Test property. Otherwise, you cannot addCounterACT as a third-party connector to Policy Enforcer successfully.
- In the Security Settings tab, click OK. The IP address appears in the IP AddressRange list, as shown in Figure 5.
The Add Credentials page appears.
The IP address appears in the IP Address Range list, as shownin Figure 7.
After you configure the DEX and Web API plug-ins, you need tocreate a connector for ForeScout CounterACT in Policy Enforcer.
To create a ForeScout CounterACT connector in Junos SpaceSecurity Director:
- Select Administration > Connectors.The Connectors page appears.
- Click the create icon (+).The Create Connector page appears.
- In theGeneral tab, select ForeScout CounterACT as the connector type andprovide the username, DEX user role, and password, as shown in Figure 8. ( The DEX user role isthe one that you created in Step 4).Specify 443 as the port number for communication.
- In the Network Details tab, configure the IP subnets,as shown in Figure 9. CounterACT treats the IP subnets as endpoints and takes action.
- In the Configuration tab, specify the Web API usernameand password, as shown in Figure 10.
- Click Infected Host Policy Enforcer ActionConnection StateAction Performed by CounterACTBlockedWiredApply access control list (ACL) to block inbound andoutbound traffic for a specific MAC address.WirelessApply WLAN block on the endpoint, which will block thetraffic based on the wireless MAC address.Dot1xApply CoA.QuarantinedWiredApply VLAN. This action is specified by Policy Enforcer.WirelessApply VLAN. This action is specified by Policy Enforcer.
Related Documentation