Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


user-identification (Services)


Hierarchy Level


Configure the integrated user firewall feature, including access to the Active Directory domain and domain controller, IP address-to-user mapping, and user-to-group mapping. One or two Active Directories are allowed under one domain. The IP address-to-user mapping and user-to-group mapping are configured per domain.


authentication-entry-timeout minutes

Timeout interval starting from the Active Directory/domain controller login time, the last active session, or the last successful probe. A setting of 0 means the authentication does not need a timeout. We recommend that you configure a setting of 0 when you disable on-demand-probe to prevent someone from accessing the Internet without logging in again.

  • Range: 10 through 1440 minutes

  • Default: 30 minutes


Optional. Range of IP addresses that needs to be monitored or not monitored.

include address

Include IP address or range. Maximum of 20 addresses.

exclude address

Exclude IP address or range. Maximum of 20 addresses.


Do not use traffic to discover user. Default is disabled.

wmi-timeout seconds

(Optional) Configures the number of seconds that the domain PC has to respond to the SRX Series device’s query through WMI/DCOM.

  • If the PC responds within that timeframe to the WMI query, the SRX creates an authentication entry for this PC.

  • If the PC does not respond within that timeframe, the WMI query failed. In the case of a failed query, if the SRX had an authentication entry about the queried PC before the WMI query, that authentication entry is deleted. If the SRX had no authentication entry before the WMI query, the SRX does not create an authentication entry.

  • Range: 3 through 120 seconds

  • Default: 10 seconds


Configures the logical domain identity management.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X47-D10.

logical-domain-identity-management option introduced in Junos OS Release 19.3R1.