Juniper Apstra Demo: Data Center Automated Conflict Resolution and Policy Assurance
Watch for a more efficient security policy.
In this three-minute demo, you’ll learn firsthand how Apstra can create and manage security policies efficiently on your data center fabric, ensuring policies are always compliant if conflicts arise. When conflicts do arise, Apstra can automatically remediate. Watch now and see how easy it is to bring more secure operations to your data center.
You’ll learn
How Apstra uses advanced capabilities to manage conflicts between policies
How to create settings within Apstra to prioritize specific security policies
Who is this for?
Transcript
0:01 [Music]
0:06 Apstra can create and manage policies
0:09 efficiently on your data center fabric
0:11 making sure policies are always
0:13 compliant if conflicts arise Apstra
0:16 can automatically remediate
0:18 here we have created a number of
0:20 security policies
0:22 we are allowing HTTPS outbound from the
0:26 red routing zone
0:28 allowing ICMP between a couple of
0:31 virtual networks as well as SSH
0:34 and then we have some deny policies
0:37 between the external networks and the
0:39 internal routing zones
0:42 red blue in the default routing zone
0:44 Apstra has advanced capabilities to
0:47 manage conflicts between policies to
0:49 show you how that works let's look at
0:51 the settings
0:52 first of all we can see that we would
0:54 like to prioritize more specific
0:56 policies this means that if you are
0:58 allowing a SSH from a particular host
1:00 but later on in the policy set you want
1:03 to deny SSH from the entire network that
1:06 that host is on Apstra will
1:08 automatically prioritize the more
1:10 specific policy over the more generic
1:12 policy
1:14 so let's see what happens when we do
1:16 that if we go back to our policies we
1:19 can see allow https out
1:23 now for demo purposes I am going to
1:26 create a more specific policy that will
1:27 include that policy
1:30 I will call this policy block https out
1:38 and instead of choosing routing zone
1:40 which that policy that I showed you
1:42 earlier uses I will choose a virtual
1:44 network within that routing zone
1:47 we'll now pick a particular virtual
1:49 network and we'll say the destination is
1:52 an external endpoint an endpoint is
1:54 basically just a predefined address or a
1:57 subnet
2:01 so let's add a new policy and call it
2:03 deny https
2:11 choose deny and for destination port I
2:14 will use
2:15 443 click create
2:20 we can see right away that Apstra is
2:22 alerting us that it has automatically
2:24 resolved this policy conflict
2:27 and if we take a look in the conflict
2:29 section here on the right side of the
2:30 screen we can see what's going on so as
2:33 I had said before the more specific
2:35 policy that is one single network will
2:38 be prioritized over the more generic
2:40 policy based on my prior settings
2:42 allowing the red routing zone to use
2:44 HTTPS outbound
2:48 thank you for watching
2:53 [Music]