Related Documentation
Understanding the Three-Tiered User Firewall Features
Juniper Networks offers three tiers of user firewall. The three features have different characteristics that are appropriate in different environments. Figure 1 illustrates the relative security level of the three tiers. Table 1 compares them to help you decide which best suits your implementation.
Figure 1: Three-Tiered User Firewall Features
Table 1 describes the basic differences among the three features.
Table 1: Comparison of User Firewall Features
| Integrated User Firewall | User Role Firewall | Unified Access Control (UAC) Network Access Control (NAC) | |
| Authentication | Passive authentication–Does not interact with client directly; polls the Active Directory for login information. | Active authentication–Queries the client. | End-to-end–Authenticates the user down to the access level where user connects, whether wired or wireless. |
| Extent of Authentication | Best effort. | Deterministic–User is identified. | Deterministic–User is identified. |
| Where Enforced | Enforced at firewall. | Enforced at firewall. | Enforced at access (switch or WiFi) and firewall. |
| Devices Needed | SRX Series | SRX Series and MAG Series | SRX Series and MAG Series |
| Ideal Environments |
|
|
|
- You can upgrade to a higher tier if you choose. From integrated user firewall, simply add the MAG Series to get user role firewall. From there, add licenses to get full UAC NAC.
- The three offerings provide maximum flexibility; they are supported on all SRX Series hardware platforms.
