TechLibrary

Navigation Back up to About Overview

ContentIndex

[+] Expand All

[-] Collapse All

Junos OS Release 12.3X48 Feature Guide
- New Features in Junos OS Release 12.3X48-D30
  - Integrated ClearPass Authentication and Enforcement
    - Understanding SRX Series Integrated ClearPass Authentication and Its Component Functions
      - Understanding the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        Why You Need to Protect Your Environment With the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        How the SRX Series Integrated ClearPass Authentication and Enforcement Feature Can Protect Your Network Environment
      - SRX Series Supported Platforms for the Integrated ClearPass Authentication and Enforcement Feature
      - Understanding How ClearPass Initiates a Session and Communicates User Authentication Information to the SRX Series Device Using the Web API
        Web API
        ClearPass Authentication Table
        Using HTTPS or HTTP for the Connection Protocol Between ClearPass and the SRX Series Device
        Ensuring the Integrity of Data Sent from ClearPass to the SRX Series Device
        Data Size Restrictions and Other Constraints
        Posture States and the Posture Group
      - Understanding Enforcement of ClearPass User and Group Authentication on the SRX Series Devices
        Understanding How the SRX Series Device Manages the ClearPass Authentication Table
        User Authentication Entries in the ClearPass Authentication Table
        Communication Between ClearPass and the SRX Series Device
        Understanding Domains and Interested Groups
        When a User Has Already Been Authenticated By Another Source
      - Understanding the Integrated ClearPass Authentication and Enforcement User Query Function
      - Understanding How the Integrated ClearPass Feature Detects Threats and Attacks and Notifies the CPPM
      - SRX Series Threat and Attack Logs Sent to Aruba ClearPass
    - Integrated ClearPass Authentication and Enforcement Examples
    - Integrated ClearPass Authentication and Enforcement CLI Configuration Statements
    - Integrated ClearPass Authentication and Enforcement CLI Operational Commands
- New Features in Junos OS Release 12.3X48-D20
- New Features in Junos OS Release 12.3X48-D15
- Requesting Technical Support
- Revision History

No index entries found.

Download This Guide

Download this guide: Junos OS Release 12.3X48 Feature Guide

https (Services User Identification)

Syntax

https (certificate local-certificate; certificate-key local-certificate-key;default-certificate;pki-local-certificate certificate-name;port port-number;)

Hierarchy Level

[edit services user-identification authentication-source name user-query web-server name connect-method]

Release Information

Statement introduced in Junos OS Release 12.3X48-D30.

Description

Configure HTTPS as the connection protocol used for the SRX Series connection to the ClearPass Policy Manager (CPPM) for user query requests. You identify the connection protocol as part of the configuration that identifies the CPPM webserver.

The integrated ClearPass authentication and enforcement user query function allows the SRX Series device to request from the CPPM user authentication and identity information for an individual when the SRX Series ClearPass authentication table does not contain that information.

The connect-method configuration is optional. If it is not configured, a default value of HTTPS is assumed.

Note: This configuration assumes that aruba-clearpass is specified as the authentication source.

Options

https

—

Specifies use of the encrypted HTTPS protocol. (Mutually exclusive with HTTP.)

default-certificate

—

Configures the Web API daemon (webapi) to use the default HTTPS certificate.

For security reasons, the HTTPS default-certificate key size 2048.

certificate filename

—

Configures the Web API daemon to use a specified, custom certificate file.

The Web API supports only the Privacy-Enhanced Mail (PEM) format for the custom certificate and certificate key configuration.

certificate-key local-certificate-key

—

Configures the Web API daemon service certificate key. This parameter is required if a custom service certificate file is configured.

pki-local-certificate pki-certificate

—

Configures the Web API daemon to use the local X.509 PKI certificate.

port port-number

—

Configures the HTTPS service port. The default port is 8443.

Range: 1 through 65535

Required Privilege Level

services—To view this statement in the configuration.
services-control—To add this statement to the configuration.