Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


authentication-source (Services User Identification Device Identity)


Hierarchy Level


Specify the device identity authentication source. The integrated user firewall device identity authentication feature enables you to control access to resources based on the identity of the device and not that of the user of the device. Supported authentication sources include Active Directory and third-party network access systems.

The SRX Series Firewall obtains the device identity information for authenticated devices from the authentication source. After the SRX Series Firewall obtains the device information, it creates a device identity authentication table to use to store device identity entries.

The SRX Series Firewall searches the device identity authentication table for a device match when traffic issuing from a user’s device arrives at the SRX Series Firewall. If it finds a match, the SRX Series Firewall searches for a matching security policy. If it finds a matching security policy, the security policy’s action is applied to the traffic.



Specifies Microsoft Active Directory as the authentication source.

The SRX Series Firewall obtains the device identity information for authenticated devices from Active Directory. It reads the Active Directory domain controller event logs to obtain the IP addresses of devices logged into the domain and authenticated by Windows. Then, for each authenticated device, it obtains from the Active Directory LDAP server the names of the groups to which the device belongs, based on the IP addresses of the devices.


Specifies the authentication source as that of a third-party network access controller (NAC) system. If your network environment is configured for a NAC solution and you decide to take this approach, the NAC system sends the device identity information to the SRX Series Firewall. The SRX Series Firewall exposes a RESTful Web services API implementation that enables you to send the device identity information to the SRX Series Firewall in a formal XML structure. If you take this approach, you must verify that your NAC solution works with the SRX Series Firewall.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X49-D70.