
user-identification (Services)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 12.1X47-D10.

logical-domain-identity-management option introduced in Junos OS Release 19.3R1.

Description

Configure the integrated user firewall feature, including access to the Active Directory domain and domain controller, IP address-to-user mapping, and user-to-group mapping. One or two Active Directories are allowed under one domain. The IP address-to-user mapping and user-to-group mapping are configured per domain.

Options

authentication-entry-timeout minutes: Timeout interval starting from the Active Directory/domain controller login time, the last active session, or the last successful probe. A setting of 0 means the authentication does not need a timeout. We recommend that you configure a setting of 0 when you disable on-demand-probe to prevent someone from accessing the Internet without logging in again.

Range: 10 through 1440 minutes

Default: 30 minutes

filter: Optional. Range of IP addresses that needs to be monitored or not monitored.

  • include address: Include IP address or range. Maximum of 20 addresses.

  • exclude address: Exclude IP address or range. Maximum of 20 addresses.

no-on-demand-probe: Do not use traffic to discover user. Default is disabled.

wmi-timeout seconds: (Optional) Configures the number of seconds that the domain PC has to respond to the SRX Series device’s query through WMI/DCOM.

  • If the PC responds within that timeframe to the WMI query, the SRX creates an authentication entry for this PC.

  • If the PC does not respond within that timeframe, the WMI query failed. In the case of a failed query, if the SRX had an authentication entry about the queried PC before the WMI query, that authentication entry is deleted. If the SRX had no authentication entry before the WMI query, the SRX does not create an authentication entry.

Range: 3 through 120 seconds

Default: 10 seconds

logical-domain-identity-management: Configures the logical domain identity management.

The remaining statements are explained separately. See CLI Explorer.
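
The following Python check is an added example, not part of the Juniper documentation. It applies the ranges, the 20-address filter limit and the on-demand-probe recommendation from the Options above to set-format configuration lines. The `active-directory-access` path and the sample addresses are assumptions, and 0 is accepted for authentication-entry-timeout because the text assigns it a meaning.

```python
# Constructed sample in Junos "set" format. The active-directory-access
# path and the addresses are assumptions; they do not appear on this page.
PREFIX = "set services user-identification active-directory-access "
SAMPLE = "\n".join(PREFIX + s for s in (
    "authentication-entry-timeout 30",
    "no-on-demand-probe",
    "wmi-timeout 2",
    "filter include 192.0.2.0/24",
    "filter exclude 192.0.2.10/32",
))


def parse(config):
    """Collect the options documented above; unset ones keep the stated defaults."""
    opts = {"timeout": 30, "wmi": 10, "no_probe": False, "include": [], "exclude": []}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "set" or "user-identification" not in tok:
            continue
        if tok[-1] == "no-on-demand-probe":
            opts["no_probe"] = True
        elif tok[-2] == "authentication-entry-timeout":
            opts["timeout"] = int(tok[-1])
        elif tok[-2] == "wmi-timeout":
            opts["wmi"] = int(tok[-1])
        elif tok[-3] == "filter" and tok[-2] in ("include", "exclude"):
            opts[tok[-2]].append(tok[-1])
    return opts


def audit(config):
    """Return finding codes for values outside the documented limits."""
    o, findings = parse(config), []
    # 0 is accepted as well as 10-1440 because the text gives 0 a meaning.
    if o["timeout"] != 0 and not 10 <= o["timeout"] <= 1440:
        findings.append("authentication-entry-timeout-range")
    if not 3 <= o["wmi"] <= 120:
        findings.append("wmi-timeout-range")
    for kind in ("include", "exclude"):
        if len(o[kind]) > 20:
            findings.append(f"filter-{kind}-limit")
    # Recommendation above: use 0 when on-demand-probe is disabled.
    if o["no_probe"] and o["timeout"] != 0:
        findings.append("probe-disabled-with-timeout")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
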

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.