
Add an Access Profile

 

You are here: Configure > Users > Access Profile.

To add an access profile:

  1. Click the add icon (+) on the upper right side of the Access Profile page.

    The Create Access Profile page appears.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 1: Fields on the Access Profile Page

Field

Description

General Settings

Profile Name

Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 64 characters.

Authentication Order

Order 1

Select one or more of the following authentication methods:

  • NONE—No authentication for the specified user.

  • LDAP—Use LDAP. The SRX Series device uses this protocol to get user and group information necessary to implement the integrated user firewall feature.

  • Password—Use a locally configured password in the access profile.

    You can set the password to none or configure for the following authentication orders:

    • LDAP

    • Radius servers

    • Secure ID

  • Radius—Use RADIUS authentication services.

    If RADIUS servers fail to respond or return a reject response, try password authentication, because it is explicitly configured in the authentication order.

  • Secure ID—Configure the RSA SecurID authentication.

    Users can enter either static or dynamic passwords as their credentials. A dynamic password is a combination of a user’s PIN and a randomly generated token that is valid for a short period of time, approximately one minute. A static password is configured for the user on the SecurID server. For example, the SecurID server administrator might set a temporary static password for a user who has lost a SecurID token.

Order 2

Select the authentication method from the list and click Next.

Password

Address Assignment

Select an address pool from the list.

Click + to create the password using the address pool and enter the following details:

  • User Name—Enter the user name.

  • Password—Enter the password.

  • XAUTH IP Address—Enter the IPv4 address of the external authentication server to verify the authentication user account.

  • Groups—Enter the group name to store several user accounts together on the external authentication servers.

LDAP

LDAP

Click + to add an LDAP server, enter the following details, and click OK:

  • Address—Enter the IPv4 address or hostname of the LDAP authentication server.

  • Port—Configure the port number on which to contact the LDAP server.

    Range is 1 through 65535.

  • Retry—Specify the number of retries that a device can attempt to contact an LDAP server.

    Range is 1 through 10 seconds.

  • Routing Instance—Configure the routing instance used to send LDAP packets to the LDAP server.

  • Source Address—Configure a source IP address for each configured LDAP server.

  • Timeout—Configure the amount of time that the local device waits to receive a response from an LDAP server.

    Range is 3 through 90.

LDAP Options

Base Distinguished Name

Enter the base distinguished name that defines the user.

Revert Interval

Specifies the amount of time that elapses before the primary server is contacted if a backup server is being used.

Use top/bottom arrows to provide the revert interval.

Range is 60 through 4294967295.

Additional Details

Assemble

Enable the assemble option.

Common Name

Enter a common name identifier.

Search

Enable the search option.

Search Filter

Specify the name of the filter to find the user's LDAP distinguished name.

Admin Search

Enable the Admin search option.

Distinguished Name

Specify the distinguished name of an administrative user. The distinguished name is used in the bind for performing the LDAP search.

Password

Enter the password for the administrative user.
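
The limits in Table 1 can be checked before the values are typed into the Create Access Profile page. The following is an added example, not Juniper code: the dictionary layout, key names, and sample values are assumptions, and only the character set, method names, and numeric ranges come from the table.

```python
import ipaddress
import re

# Limits copied from Table 1 on this page; the dict layout and key names are assumptions.
PROFILE_NAME = re.compile(r"[A-Za-z0-9:._-]{1,64}")
METHODS = {"none", "ldap", "password", "radius", "secure id"}
SERVER_RANGES = {"port": (1, 65535), "retry": (1, 10), "timeout": (3, 90)}
REVERT_INTERVAL = {"revert_interval": (60, 4294967295)}
HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_address(value):
    """Accept an IPv4 address or a hostname, as the Address field allows."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:  # not IPv4, so apply the hostname rules
        if re.fullmatch(r"[0-9.]+", value) or len(value) > 253:
            return False  # malformed dotted-numeric address or over-long name
        return all(HOST_LABEL.fullmatch(label) for label in value.split("."))


def range_findings(values, ranges, prefix):
    """Report each present field whose value is not an integer inside its range."""
    return [f"{prefix}{key}: {values[key]!r} outside {low}-{high}"
            for key, (low, high) in ranges.items()
            if key in values and not (isinstance(values[key], int) and low <= values[key] <= high)]


def check_profile(profile):
    """Return a list of findings; an empty list means the values fit Table 1."""
    findings = []
    if not PROFILE_NAME.fullmatch(profile.get("name", "")):
        findings.append("name: need 1-64 alphanumerics, colons, periods, dashes, underscores")
    order = [method.lower() for method in profile.get("order", [])]
    findings += [f"order: unknown method {m!r}" for m in order if m not in METHODS]
    if "none" in order:
        findings.append("order: NONE means no authentication for the user")
    for i, server in enumerate(profile.get("ldap_servers", [])):
        if not valid_address(str(server.get("address", ""))):
            findings.append(f"ldap_servers[{i}].address: not an IPv4 address or hostname")
        findings += range_findings(server, SERVER_RANGES, f"ldap_servers[{i}].")
    return findings + range_findings(profile, REVERT_INTERVAL, "")


# Constructed sample input, not taken from a real device.
SAMPLE = {"name": "corp ldap!", "order": ["LDAP", "None"], "revert_interval": 30,
          "ldap_servers": [{"address": "192.0.2.300", "port": 70000, "retry": 3, "timeout": 2}]}
if __name__ == "__main__":
    print("\n".join(check_profile(SAMPLE)))
```
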