Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Setting ScreenOS Authentication Options Using Infranet Settings Overview


If you have deployed Juniper Networks Infranet Controllers as part of your network security infrastructure, you can use the Infranet Settings screen on devices running ScreenOS 5.3 and later to configure the properties as described in Table 1.

Table 1: Infranet Settings

Infranet Settings


Contact Interval

The time interval (in seconds) that the Infranet Enforcer waits before attempting to connect to the next available Infranet Controller; the default interval is set to 10 seconds.

Action on Timeout

For any reason, if your connection to the Infranet Controller times out, the device terminates the SSH connection and clears all Infranet Controller related context. You can change this behavior by setting the timeout action to “Open,” in which case the Infranet Enforcer allows all traffic; or “No Change,” in which case the Infranet Enforcer preserves the current state of all existing tunnel sessions.

Enforcer Mode

This setting takes the Infranet Enforcer out of regular mode and into Test mode. Test mode is recommended before you actually deploy the Infranet Enforcer enabling you to evaluate how the solution works. In this mode, the Infranet Enforcer allows all traffic that matches the Infranet policy. Logs are created indicating the behavior of the Infranet Enforcer as if it were operating in Regular mode.

Infranet Controllers

You can configure up to eight (8) Infranet Controllers. The order in which these are entered is used by the Infranet Enforcer to contact each Infranet Controller. Devices permit only one redirect URL per Infranet Controller.

In devices running ScreenOS 6.2 or later, when UAC is deployed through a ScreenOS firewall, the firewall acts as the Infranet Enforcer and redirects unauthorized access to a configured URL (captive portal). The device configures the redirect URL through a policy, which means that more than one redirect URL can be configured for the same Infranet Controller.

You can also configure security devices to authenticate using Infranet Controllers in a rule in a security policy. Refer to the Network and Security Manager Administration Guide for more information.