[Contents] [Prev] [Next] [Index] [Report an Error]

Communications Between the JUNOS Enforcer and the Infranet Agent

An Infranet Agent helps you secure traffic on your network starting with the endpoints that initiate communications as follows:

  1. The Infranet Agent, which runs directly on the endpoint, checks that the endpoint is compliant with your Unified Access Control (UAC) Host Checker policies. You can use a wide variety of criteria within a UAC Host Checker policy to determine compliance. For example, you can configure the Host Checker policy to confirm that the endpoint is running antivirus software or a firewall or that the endpoint is not running specific types of malware or processes.
  2. The Infranet Agent transmits the compliance information to the JUNOS Enforcer.
  3. The JUNOS Enforcer allows or denies the endpoint access to the resources on your network based on the Host Checker compliance results.

Because the Infranet Agent runs directly on the endpoint, you can use the Infranet Agent to check the endpoint for security compliance at any time. For instance, when a user tries to sign into the Infranet Controller, you can require the Infranet Agent to send compliance results immediately—the user will not even see the sign-in page until the Infranet Agent returns positive compliance results to the Infranet Controller. You can also configure the Infranet Agent to check for compliance after the user signs in or periodically during the user session. For more information about the Infranet Agent, see the Unified Access Control Administration Guide.

To integrate the Infranet Agent into a JUNOS-UAC deployment, no special configuration is required on the JUNOS Enforcer. You simply need to create IP-based security policies enabling access to the appropriate endpoints as you would for any other JUNOS-UAC deployment. (For more information, see JUNOS Enforcer Policy Enforcement.) If the endpoints running the Infranet Agent have appropriate access, they will automatically send their compliance results to the Infranet Controller and the Infranet Controller will update the authentication table entries accordingly and push them to the JUNOS Enforcer. The JUNOS Enforcer supports connections with the Odyssey Access Client and “agentless” Infranet Agents.

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.