
Services Configuration Statement Hierarchy

Use the statements in the services configuration hierarchy to configure the following parts of the integrated ClearPass authentication and enforcement feature:

  • The authentication source and its characteristics, including setting the expiration time for user entries in the ClearPass authentication table.
  • The user query function and its parameters to allow the SRX Series device to connect to and query the ClearPass Policy Manager (CPPM) for individual user authentication information.
  • Trace options for activity pertaining to the authentication source (the CPPM).

In addition to these statements, the services hierarchy contains many other sub-hierarchies that cover different features and functions.

/*
 * Syntax summary of the [edit services] hierarchy as printed on this page.
 * Words that follow a statement name (application-name, seconds, url, ...)
 * appear to be placeholders for user-supplied values -- confirm against the
 * per-statement reference.
 *
 * NOTE(review): the listing is collapsed onto three physical lines and its
 * braces do not nest cleanly as printed. For example,
 * "application application-name {" is not closed before "application-group",
 * "rpm {" is not closed before "service-device-pools", and the
 * "actions {crl{disable{" openers under ssl proxy are not all closed before
 * the statements that follow. Treat this as a statement inventory rather than
 * loadable text, and take the nesting from the per-statement pages.
 *
 * NOTE(review): "infranet-contoller" under unified-access-control looks like a
 * misspelling of "infranet-controller" -- verify before copying.
 *
 * Statements worth checking when auditing a configuration built from this
 * hierarchy:
 *   - traceoptions file (world-readable | no-world-readable): present in every
 *     traceoptions block here. Trace files for authentication features may
 *     contain user or session detail, so no-world-readable is the safer
 *     setting.
 *   - captive-portal secure-authentication (http | https): https avoids
 *     sending portal credentials in clear text.
 *   - ssl ... actions ignore-server-auth-failure, and ssl proxy actions
 *     crl disable (always | if-no-crl): by name these relax server-certificate
 *     and revocation checking -- confirm the exact semantics and keep them out
 *     of production profiles unless there is a documented reason.
 *   - preferred-ciphers (custom | medium | strong | weak),
 *     protocol-version (all | tls1), renegotiation (allow | allow-secure |
 *     drop): cipher and protocol strength choices. The listing offers only
 *     "all" or "tls1" for protocol-version; check the current release for
 *     newer options.
 *   - unified-access-control certificate-verification [ optional | required |
 *     warning ], timeout-action (close | no-change | open), test-only-mode:
 *     presumably these decide whether enforcement fails open or closed when
 *     the controller is unreachable or its certificate is not trusted --
 *     confirm.
 *   - unified-access-control password: a secret held in the configuration, so
 *     limit who can read the configuration and its backups.
 */
services { application-identification {application application-name {address-mapping address-name {filter {ip ip-address-and-prefix-length;port-range {tcp [port];udp [port];}}}cacheable;description;icmp-mapping {code number;type number;}ip-protocol-mapping {protocol number;}order number;over protocol-type ;priority [high | low];application-group group-name {application-groups application-group-name;applications application-name;}application-system-cache-timeout value;download {automatic {interval hours;start-time MM-DD.hh:mm;}url url;}enable-performance-mode max-packet-threshold number;no-application-identification;no-application-system-cache;statistics {interval minutes;}traceoptions {file {filename ;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag;level [all | error | info | notice | verbose | warning]no-remote-trace;}}captive-portal {authentication-profile-name authentication-profile-name;custom-options {banner-message string;footer-bgcolor hex-color-value;footer-message string;footer-text-color hex-color-value;form-header-bgcolor hex-color-value;form-header-message string;form-header-text-color hex-color-value;form-reset-label label name;form-submit-label label name;header-bgcolor hex-color-value;header-logo filename;header-message string;header-text-color hex-color-value;post-authentication-url url-string;}interface (all | interface-name) {quiet-period seconds;retries number-of-retries;server-timeout seconds;session-expiry seconds;supplicant (multiple | single | single-secure);}secure-authentication (http | https);traceoptions {file {filename ;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag;}}flow-monitoring {version9 {template template-name {flow-active-timeout seconds;flow-inactive-timeout seconds;ipv4-template;ipv6-template;option-refresh-rate {packets packets;seconds seconds;}template-refresh-rate {packets packets;seconds 
seconds;}}}}ip-monitoring {policy policy-name {match {rpm-probe [probe-name];}no-preempt ;then {interface interface-name (disable | enable);preferred-route {route destination-address {next hop next-hop;preferred-metric metric;}routing-instances name;}}}traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag; no-remote-trace;}}rpm {bgp {data-fill data;data-size size;destination-port port;history-size size;logical-system logical-system-name <routing-instances routing-instance-name>;moving-average-size number-of-samples;probe-count count;probe-interval seconds;probe-type type;routing-instances {routing-instance-name;}test-interval seconds;}probe owner {test test-name {data-fill data;data-size size;destination-interface interface-name;destination-port port;dscp-code-point dscp-bits;hardware-timestamp;history-size size;inet6-options {source-address address;}moving-average-size number;next-hop next-hop;one-way-hardware-timestamp;probe-count count;probe-interval seconds;probe-type type;routing-instance instance-name;source-address address;target {address ipv4-address;url url;inet6-address ipv6-address;inet6-url url;}test-interval interval;thresholds {egress-time microseconds;ingress-time microseconds;jitter-egress microseconds;jitter-ingress microseconds;jitter-rtt microseconds;rtt microseconds;std-dev-egress microseconds;std-dev-ingress microseconds;std-dev-rtt microseconds;successive-loss count;total-loss count;}traps [ trap-names];}}probe-limit number;probe-server {icmp {destination-interface interface-name;}tcp {destination-interface interface-name;port port-number;}udp {destination-interface interface-name;port port-number;}}service-device-pools {pool pool-name {interface service-device-name;}}service-interface-pools {pool pool-name {interface service-interface-name;}}ssl {initiation {profile profile-name {actions { ignore-server-auth-failure;}client-certificate; custom-ciphers 
[cipher];enable-flow-tracing;enable-session-cache;preferred-ciphers (custom | medium | strong | weak);protocol-version (all | tls1);trusted-ca (all | [ca-profile] );}}proxy {global-config {session-cache-timeout seconds;}profile profile-name {actions {crl{disable{always;if-no-crl;disable-session-resumption;ignore-server-auth-failure;logs {all;errors;info;sessions-allowed;sessions-dropped;sessions-ignored;sessions-whitelisted;warning;}renegotiation {(allow | allow-secure | drop); }}custom-ciphers [cipher];enable-flow-tracing; preferred-ciphers (custom | medium | strong | weak);root-ca root-certificate;trusted-ca (all | [ca-profile] );whitelist [global-address-book-addresses];}}termination {profile profile-name {custom-ciphers [cipher];enable-flow-tracing;enable-session-cache;preferred-ciphers (custom | medium | strong | weak);protocol-version (all | tls1);server-certificate certificate-identifier;}}traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag; level [brief | detail | extensive | verbose];no-remote-trace;}}unified-access-control {captive-portal redirect-policy-name {redirect-traffic (all | unauthenticated); redirect-url redirect-url;}certificate-verification [ optional | required | warning ];infranet-contoller host-name {address ip-address; ca-profile [ca-profile];interface interface-name; password password; port port-number;server-certificate-subject subject;}interval seconds; test-only-mode; timeout seconds;timeout-action (close | no-change | open); traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag; no-remote-trace;}}} wireless-wan {adapter adapter-name {adapter-type cx-bridge;ip-address ip-address;modem {usb1 description description;usb2 description description;usb3 description description;}}}}

Modified: 2016-05-01