Deployment of Ivanti Policy Secure in Juniper SDSN Environment

This section describes the integration of Ivanti Policy Secure in a Juniper SDSN environment. Ivanti Policy Secure receives threat alert information from the Juniper SDSN solution and takes action on the endpoint based on the admission control policies.

In this example, the endpoint is connected to a third-party switch that has 802.1X authentication enabled. The switch authenticates 802.1X requests through an Ivanti Policy Secure server.

  1. The endpoint authenticates to the network through 802.1X or through MAC-based authentication.

  2. The user downloads a file from the Internet. The perimeter firewall (SRX Series device) scans the file and, based on user-defined policies, sends the file to Sky ATP for analysis.

  3. Sky ATP detects that the file contains malware, identifies the endpoint as an infected host, and notifies the SRX Series device and Policy Enforcer.

  4. Policy Enforcer downloads the infected host feed and sends a threat action to Ivanti Policy Secure.

  5. The Ivanti Policy Secure server quarantines/blocks the endpoint.
    Ivanti Policy Secure keeps track of the infected host and won’t allow it to acquire full access until the endpoint is disinfected. When the host is disinfected and cleared from Sky ATP or Juniper PE, Ivanti Policy Secure receives a ‘clear’ event from Juniper PE (Connector) and removes the host from its infected host list. The host is then authenticated and assigned an appropriate role.

The enforcement of the user is also updated on the firewall.