Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring IP Address Filters

 

Juniper Identity Management Service enables you to specify IP address ranges to include in or exclude from the reports the JIMS server sends to the SRX Series devices. For SRX Series devices running Junos OS Release Junos OS Release 15.1X49-D100, 17.4R1, or a later release, you can apply an IPv4 address filter. For SRX Series devices running Junos OS Release 18.3R1 or later, the JIMS server supports both IPv4 and IPv6 address filtering for the SRX Series devices in your network.

Configuring an IP filter on Juniper Identity Management Service enables you to apply IPv4 and/or IPv6 filters to all the SRX Series devices in your network. You can set the IP filters to include the IP address ranges that the SRX Series devices require or exclude the ranges that they do not require when collecting user identity information.

You can also use an IP filter to include or exclude domain PCs or network servers, either within an IP address range or with a specific IP address.

Note

Juniper Identity Management Service creates and maintains sessions for Active Directory domain controllers as well as domain PCs. This might result in the service attempting to send PC probes to the domain controllers. To avoid this behavior, add the IP addresses of the domain controllers as an excluded entry in the IP filter on Juniper Identity Management Service.

You can configure up to 64 include and exclude IP address ranges.

Note

Include filters take precedence over exclude filters for IP address ranges.

To include or exclude an IPv4 address range for SRX Series devices:

  1. In the navigation pane, select Settings and then select the IP Filters tab.
  2. To include or exclude an IPv4 address range, in the IPv4 Event Filter area, click Add. The IP Configuration page appears.

    Do the following:

    1. Select the Include or Exclude option button.
    2. Type the IP address range start address and end address. To specify a single IPv4 address, type the same IP address for the IP address range start address and end address.
    3. Click OK to save the settings.
  3. In the IPv6 event filter area, click Add to include or exclude an IPv6 address range for SRX Series devices running Junos OS Release 18.3R1 or later. The IP Configuration page appears. Note

    IPv6 filtering between the JIMS server and SRX Series devices is intended for support in a future Junos OS Release for SRX Series devices.

    Do the following:

    1. Select the Include or Exclude option button.
    2. Type the IP address range start address and end address. To specify a single IPv6 address, type the same IP address for the IP address range start address and end address.
    3. Click OK to save the settings.
  4. Click Save to save the settings.