Add an Access Profile
You are here: Configure > Users > Access Profile.
Procedure
To add an access profile:
- Click the add icon (+) on the upper right side of the Access Profile page.
  The Create Access Profile page appears.
- Complete the configuration according to the guidelines provided in Table 177.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 177: Fields on the Access Profile Page
Field | Description |
---|---|
General Settings | |
Profile Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 64 characters. |
Authentication Order | |
Order 1 | Select one or more of the following authentication methods:<br>NONE—No authentication for the specified user.<br>LDAP—Use LDAP. The SRX Series device uses this protocol to get user and group information necessary to implement the integrated user firewall feature.<br>Password—Use a locally configured password in the access profile. You can set the password to none or configure for the following authentication orders: LDAP, Radius servers, Secure ID.<br>Radius—Use RADIUS authentication services. If RADIUS servers fail to respond or return a reject response, try password authentication, because it is explicitly configured in the authentication order.<br>Secure ID—Configure the RSA SecurID authentication. Users can enter either static or dynamic passwords as their credentials. A dynamic password is a combination of a user’s PIN and a randomly generated token that is valid for a short period of time, approximately one minute. A static password is configured for the user on the SecurID server. For example, the SecurID server administrator might set a temporary static password for a user who has lost a SecurID token. |
Order 2 | Select the authentication method from the list and click Next. |
Password | |
Address Assignment | Select an address pool from the list. Click + to create the password using the address pool and enter the following details:<br>User Name—Enter the user name.<br>Password—Enter the password.<br>XAUTH IP Address—Enter the IPv4 address of the external authentication server to verify the authentication user account.<br>Groups—Enter the group name to store several user accounts together on the external authentication servers. |
LDAP | |
LDAP | Click + to add an LDAP server, enter the following details, and click OK:<br>Address—Enter the IPv4 address or hostname of the LDAP authentication server.<br>Port—Configure the port number on which to contact the LDAP server. Range is 1 through 65535.<br>Retry—Specify the number of retries that a device can attempt to contact an LDAP server. Range is 1 through 10 seconds.<br>Routing Instance—Configure the routing instance used to send LDAP packets to the LDAP server.<br>Source Address—Configure a source IP address for each configured LDAP server.<br>Timeout—Configure the amount of time that the local device waits to receive a response from an LDAP server. Range is 3 through 90. |
LDAP Options | |
Base Distinguished Name | Enter the base distinguished name that defines the user. |
Revert Interval | Specifies the amount of time that elapses before the primary server is contacted if a backup server is being used. Use the top/bottom arrows to provide the revert interval. Range is 60 through 4294967295. |
Additional Details | |
Assemble | Enable the assemble option. |
Common Name | Enter a common name identifier. |
Search | Enable the search option. |
Search Filter | Specify the name of the filter to find the user's LDAP distinguished name. |
Admin Search | Enable the Admin search option. |
Distinguished Name | Specify the distinguished name of an administrative user. The distinguished name is used in the bind for performing the LDAP search. |
Password | Enter the password for the administrative user. |
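
For cross-checking what the page saves, here is a comparable profile written as Junos CLI `set` commands. This is an added example, not part of the original page; it assumes the fields in Table 177 map onto the `access profile` configuration hierarchy. The profile name, server address, distinguished names and password are constructed placeholders.

```junos
# Constructed example values throughout; replace with your own.
# Authentication Order: Order 1 = LDAP, Order 2 = Password.
# With password listed second, the locally configured password is tried
# after LDAP, because it is explicitly part of the order.
set access profile example-profile authentication-order ldap
set access profile example-profile authentication-order password

# LDAP server: Address, Port (1-65535), Retry (1-10), Timeout (3-90)
set access profile example-profile ldap-server 192.0.2.10 port 389
set access profile example-profile ldap-server 192.0.2.10 retry 3
set access profile example-profile ldap-server 192.0.2.10 timeout 5

# LDAP Options: Base Distinguished Name, Revert Interval (60-4294967295)
set access profile example-profile ldap-options base-distinguished-name "CN=Users,DC=example,DC=net"
set access profile example-profile ldap-options revert-interval 60

# Additional Details: Search Filter and Admin Search.
# The admin distinguished name and password are used in the bind for the LDAP search.
set access profile example-profile ldap-options search search-filter sAMAccountName=
set access profile example-profile ldap-options search admin-search distinguished-name "CN=svc-ldap,CN=Users,DC=example,DC=net"
set access profile example-profile ldap-options search admin-search password "<admin-bind-password>"
```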