Communications Between the JUNOS Enforcer and the Infranet Controller
When you configure an SRX-series device to connect to an Infranet
Controller through the JUNOS CLI, the SRX-series device and the Infranet
Controller establish secure communications as follows:
- The Infranet Controller presents its server certificate
to the SRX-series device. If configured to do so, the SRX-series device
verifies the certificate. (Server certificate verification is not
required; however, as an extra security measure you can verify the
certificate to implement an additional layer of trust.)
- The SRX-series device and the Infranet Controller perform
mutual authentication using proprietary challenge-response authentication.
For security reasons, the password is not included in
the message sent to the Infranet Controller.
- After successfully authenticating the SRX-series device,
the Infranet Controller sends it user authentication and resource
access policy information. The SRX-series device uses this information
to act as the JUNOS Enforcer in the UAC network.
- Thereafter, the Infranet Controller and the JUNOS Enforcer
can communicate freely with one another over the SSL connection. The
communications are controlled by a proprietary protocol called JUNOS UAC Enforcer Protocol (JUEP).
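
The mutual authentication step above is proprietary and its message format is not given on this page; the following added example (not Juniper code) shows a generic challenge-response exchange with the same property, where both sides prove knowledge of a shared password that never crosses the connection. The use of PBKDF2 and HMAC-SHA256, the salt, the sample password and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-demo-salt"  # constructed value, for this example only


def derive_key(password: str, salt: bytes = SALT) -> bytes:
    """Stretch the shared password into a MAC key; the password itself is never sent."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def proof(key: bytes, role: bytes, n_enf: bytes, n_ctl: bytes) -> bytes:
    """MAC over both nonces. The role label makes each direction's proof distinct,
    so a proof cannot be reflected back to its sender as the answer."""
    return hmac.new(key, role + b"|" + n_enf + n_ctl, hashlib.sha256).digest()


def handshake(enforcer_pw: str, controller_pw: str):
    """Run both sides in-process. Returns (wire, enforcer_trusts, controller_trusts),
    where wire lists every message that crossed the connection."""
    k_enf, k_ctl = derive_key(enforcer_pw), derive_key(controller_pw)
    wire = []

    n_enf = secrets.token_bytes(16)          # enforcer -> controller: challenge
    wire.append(n_enf)
    n_ctl = secrets.token_bytes(16)          # controller -> enforcer: challenge + proof
    p_ctl = proof(k_ctl, b"controller", n_enf, n_ctl)
    wire += [n_ctl, p_ctl]

    # Enforcer recomputes the expected proof and compares in constant time.
    enforcer_trusts = hmac.compare_digest(p_ctl, proof(k_enf, b"controller", n_enf, n_ctl))
    controller_trusts = False
    if enforcer_trusts:                      # only answer a controller that proved itself
        p_enf = proof(k_enf, b"enforcer", n_enf, n_ctl)
        wire.append(p_enf)
        controller_trusts = hmac.compare_digest(p_enf, proof(k_ctl, b"enforcer", n_enf, n_ctl))
    return wire, enforcer_trusts, controller_trusts


if __name__ == "__main__":
    wire, e_ok, c_ok = handshake("constructed-shared-password", "constructed-shared-password")
    print(e_ok, c_ok, [m.hex() for m in wire])
```

With mismatched passwords the enforcer rejects the controller's proof and sends nothing further, so the exchange stops after three messages.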