Enabling UAC in a Junos OS Environment (CLI Procedure)
Junos OS security policies enforce rules for transit traffic, defining what traffic can pass through the Juniper Networks device. The policies control traffic that enters from one zone (from-zone) and exits another (to-zone). To enable an SRX Series or J Series device as a Junos OS Enforcer in a UAC deployment, you must:
- Identify the source and destination zones through which UAC traffic will travel. The list of interfaces, including which zones they are in, is also needed. The Infranet Controller uses the destination zone to match its own IPsec routing policies configured on the Infranet Controller.
- Identify Junos OS security policies that encompass those zones, and enable UAC for those policies.
Before you begin:
- Set up the interfaces through which UAC traffic should enter the SRX Series or J Series device. See Junos OS Interfaces Configuration Guide for Security Devices.
- Group interfaces with identical security requirements into zones. See Example: Creating Security Zones.
- Create security policies to control the traffic that passes through the security zones. See Example: Configuring a Security Policy to Permit or Deny All Traffic.
To configure UAC through a Junos OS security policy, enter the following configuration statement:
user@host# set security policies from-zone zone-name to-zone zone-name policy policy-name then permit application-services uac-policy
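The following added example (not part of the Juniper documentation) audits a configuration exported in "display set" form and lists permit policies between the chosen UAC zone pairs that lack the uac-policy application service. The zone names, policy names and sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form; zone and policy names are made up.
SAMPLE_CONFIG = """\
set security policies from-zone trust to-zone untrust policy web-uac match source-address any
set security policies from-zone trust to-zone untrust policy web-uac match destination-address any
set security policies from-zone trust to-zone untrust policy web-uac match application junos-http
set security policies from-zone trust to-zone untrust policy web-uac then permit application-services uac-policy
set security policies from-zone trust to-zone untrust policy dns-out match source-address any
set security policies from-zone trust to-zone untrust policy dns-out match destination-address any
set security policies from-zone trust to-zone untrust policy dns-out match application junos-dns-udp
set security policies from-zone trust to-zone untrust policy dns-out then permit
set security policies from-zone trust to-zone untrust policy drop-rest match source-address any
set security policies from-zone trust to-zone untrust policy drop-rest then deny
set security policies from-zone dmz to-zone untrust policy dmz-out then permit
"""

# Captures from-zone, to-zone, policy name and everything after "then".
POLICY_LINE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then (.+)$"
)

def audit_uac(config_text, uac_zone_pairs):
    """Return sorted (from_zone, to_zone, policy) tuples that permit traffic
    between the given zone pairs without application-services uac-policy."""
    actions = defaultdict(list)
    for line in config_text.splitlines():
        m = POLICY_LINE.match(line.strip())
        if m:
            from_zone, to_zone, policy, action = m.groups()
            actions[(from_zone, to_zone, policy)].append(action.split())
    missing = []
    for key, acts in actions.items():
        if (key[0], key[1]) not in uac_zone_pairs:
            continue  # zone pair is not part of the UAC deployment
        permits = any(a[0] == "permit" for a in acts)
        has_uac = any(
            a[:3] == ["permit", "application-services", "uac-policy"] for a in acts
        )
        if permits and not has_uac:
            missing.append(key)
    return sorted(missing)

if __name__ == "__main__":
    for from_zone, to_zone, policy in audit_uac(SAMPLE_CONFIG, {("trust", "untrust")}):
        print(f"{from_zone} -> {to_zone}: policy {policy} permits without UAC")
```

Deny policies are skipped because uac-policy is configured under the permit action.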
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- Understanding UAC in a Junos OS Environment