Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Identity Aware Firewall

  • Optimization of IPC messages for unified access control (UAC) authentication entries (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Optimize system performance by using IPC message communication between the Routing Engine and Packet Forwarding Engine. Group multiple role entries into one message to improve efficiency. Use the clear services unified-access-control authentication-table command to refresh the UAC authentication table for accurate role and user data.

    [See Unified Access Control (UAC).]

  • User identity through HTTP XFF header (SRX Series Firewalls, and vSRX3.0)—You can identify users behind proxies by extracting the originating client IP from HTTP X-Forwarded-For (XFF) or Forwarded headers. Avoid relying on the packet source IP. Use this method to prevent misattribution from proxy addresses and to improve policy enforcement, logging, and analytics accuracy. Use the set services user-identification forward-header-lookup command to enable the XFF header feature.

    [See Active Directory as Identity Source.]