Unified Access Control Overview
A Unified Access Control (UAC) deployment uses the following
components to secure a network and ensure that only qualified end
users can access protected resources:
- Infranet Controllers—An Infranet Controller is a policy decision
  point in the network. It uses authentication information and policy
  rules to determine whether or not to provide access to individual
  resources on the network. You can deploy one or more Infranet
  Controllers in your network.
- Infranet Enforcers—An Infranet Enforcer is a policy enforcement
  point in the network. It receives policies from the Infranet
  Controller and uses the rules defined in those policies to determine
  whether or not to allow an endpoint access to a resource. You deploy
  the Infranet Enforcers in front of the servers and resources that
  you want to protect.
- Infranet Agents—An Infranet Agent is a client-side component that
  runs directly on network endpoints (such as users’ computers). The
  agent checks that the endpoint complies with the security criteria
  specified in Host Checker policies and relays that compliance
  information to the Infranet Enforcer. The Infranet Enforcer then
  allows or denies the endpoint access based on the compliance results.
An SRX-series services gateway can act as an Infranet
Enforcer in a UAC network. Specifically, it acts as a Layer 3 enforcement
point, controlling access by using IP-based policies pushed down from
the Infranet Controller. When deployed in a UAC network, an SRX-series
device is called a JUNOS Enforcer.
Figure 149: Integrating a JUNOS Security Device into a Unified Access Control Network

This topic includes the following information about deploying
an SRX-series services gateway as a JUNOS Enforcer in a UAC network: