Statement introduced in Junos OS Release 12.1. Statement updated in Junos OS Release 12.1X44-D10. Statement is supported in [edit security advance-policy-based-routing from-zone zone-name policy policy-name match] hierarchy in Junos OS Release 19.1R1.
Identifies users and roles to be used as match criteria for a policy. If a value other than any is specified as match criteria for a policy within a zone pair, the traffic is matched to table entries to retrieve associated user and roles before policy lookup occurs. Users and roles are retrieved from the local authentication table or from a UIT pushed to the SRX Series device from an access control service when a user is authenticated.
The following entries specify the source identities that match a policy:
Range: 0 through 39 characters
SRX Series devices truncate imported roles to 39 characters. You need to ensure that all of your roles are 39 characters or less.
Unknown-user must be configured for non-domain users to be able to authenticate and log in.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.