Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Access Profiles Configuration Page Options

 
  1. Select Configure>Access>Access Profiles in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

    Or

    Select Configure>Authentication>Access Profiles in the J-Web user interface.

    The Access Profiles configuration page appears.

  2. (Junos OS Release 19.1R1 and later releases) Select Configure>Users>Access Profile in the J-Web user interface.

    The Access Profiles configuration page appears.

  3. Click one:

    • Add or +—Adds a new or duplicate access profile configuration. Enter information as specified in Table 1.

    • Edit or /—Edits a selected access profile configuration.

    • Delete or X—Deletes the selected access profile configuration.

    • Search Icon—Enables you to search a firewall policy or rule from the grid.

Table 1: Add Access Profile Configuration Details

Field FunctionAction
General Settings

Access Profile Name

Specifies the name of the access profile.

Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 64 characters.

Authentication Order

Order 1

Configures the order in which the user tries different authentication methods during login. For each login attempt, the method for authentication starts with the first one, until the password matches.

Select one or more of the following authentication method:

  • NONE—No authentication for the specified user.

  • LDAP—Use LDP. The SRX Series device uses this protocol to get user and group information necessary to implement the integrated user firewall feature.

  • Password—Use a locally configured password in the access profile.

    You can set the password to none or configure for the following authentication orders:

    • LDAP

    • Radius servers

    • Secure ID

  • Radius—Use RADIUS authentication services.

    If RADIUS servers fail to respond or return a reject response, try password authentication, because it is explicitly configured in the authentication order.

  • Secure ID—Configure the RSA SecurID authentication.

    Users can enter either static or dynamic passwords as their credentials. A dynamic password is a combination of a user’s PIN and a randomly generated token that is valid for a short period of time, approximately one minute. A static password is configured for the user on the SecurID server. For example, the SecurID server administrator might set a temporary static password for a user who has lost SecurID token.

Order 2

Configures the next authentication method if the authentication method included in the authentication order option is not available, or if the authentication is available but returns a reject response.

Select the authentication method from the list and click Next.

Password

Address Assignment

Specifies the address pool used by the access profile.

Select an address pool from the list.

Click + to create the password using the address pool and enter the following details:

  • User Name—Enter the user name.

  • Password—Enter the password.

  • XAUTH IP Address—Enter the IPv4 address of the external authentication server to verify the authentication user account.

  • Groups—Enter the group name to store several user accounts together on the external authentication servers.

LDAP

LDAP

Configures the LDAP server for authentication.

Click + to add LDAP server, enter the following details, and click OK:

  • Address—Enter the IPv4 address or hostname of the LDAP authentication server.

  • Port—Configure the port number on which to contact the LDAP server.

    Range is 1-65535.

  • Retry—Specify the number of retries that a device can attempt to contact an LDAP server.

    Range is 1-10 seconds.

  • Routing Instance—Configure the routing instance used to send LDAP packets to the LDAP server.

  • Source Address—Configure a source IP address for each configured LDAP server.

  • Timeout—Configure the amount of time that the local device waits to receive a response from an LDAP server.

    Range is 3-90.

LDAP Options

Base Distinguished Name

Specifies the base distinguished name that defines the user.

Enter thebase distinguished name.

Revert Interval

Specifies the amount of time that elapses before the primary server is contacted if a backup server is being used.

Use top/bottom arrows to provide the revert interval.

Range is 60-4294967295.

Additional Details

Assemble

Specifies that a user’s LDAP distinguished name (DN) is assembled through the use of a common name identifier, the username, and base distinguished name.

Enable the assemble option.

Common Name

Specifies the common name identifier used as a prefix for the username during the assembly of the users distinguished name.

Enter a common name identifier.

Search

Specifies that a user’s LDAP distinguished name is assembled through the use of a common name identifier, a username, and a base distinguished name.

Enable the search option.

Related Documentation