Understanding Communications Between the JUNOS Enforcer and the Infranet Controller
When you configure an SRX Series or J Series device to connect to an Infranet Controller, the SRX Series or J Series device and the Infranet Controller establish secure communications as follows:
- The Infranet Controller presents its server certificate to the SRX Series or J Series device. If configured to do so, the SRX Series or J Series device verifies the certificate. (Server certificate verification is not required; however, you can verify the certificate as an extra security measure that adds a layer of trust.)
- The SRX Series or J Series device and the Infranet Controller perform mutual authentication using proprietary challenge-response authentication. For security reasons, the password is not included in the message sent to the Infranet Controller.
- After successfully authenticating the SRX Series or J Series device, the Infranet Controller sends it user authentication and resource access policy information. The SRX Series or J Series device uses this information to act as the JUNOS Enforcer in the UAC network.
- Thereafter, the Infranet Controller and the JUNOS Enforcer can communicate freely with one another over the SSL connection. The communications are controlled by a proprietary protocol called JUNOS UAC Enforcer Protocol (JUEP).
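The sketch below is an added example, not Juniper code: the real exchange is proprietary and is not documented on this page. It uses a generic HMAC-based mutual challenge-response to show how both ends can prove knowledge of a shared password without the password appearing in any message. All names, the salt, the role labels and the message layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"uac-demo-salt"  # constructed value for this illustration


def derive_key(password: str) -> bytes:
    # Each end derives the same key locally from its configured password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def respond(key: bytes, role: bytes, my_nonce: bytes, peer_nonce: bytes) -> bytes:
    # The role label binds a response to its sender, so a response cannot
    # be reflected back to the party that issued the challenge.
    return hmac.new(key, role + peer_nonce + my_nonce, hashlib.sha256).digest()


def handshake(enforcer_password: str, controller_password: str):
    """Return (controller_accepts, enforcer_accepts, wire_messages)."""
    ek = derive_key(enforcer_password)
    ck = derive_key(controller_password)
    wire = []  # everything that would cross the connection

    # 1. Controller -> enforcer: random challenge.
    c_nonce = secrets.token_bytes(16)
    wire.append(c_nonce)

    # 2. Enforcer -> controller: its own challenge plus its response.
    e_nonce = secrets.token_bytes(16)
    e_resp = respond(ek, b"enforcer", e_nonce, c_nonce)
    wire += [e_nonce, e_resp]

    # 3. Controller checks the enforcer's response in constant time.
    expected = respond(ck, b"enforcer", e_nonce, c_nonce)
    if not hmac.compare_digest(e_resp, expected):
        return False, False, wire  # no policy would be pushed

    # 4. Controller -> enforcer: proof that it also knows the password.
    c_resp = respond(ck, b"controller", c_nonce, e_nonce)
    wire.append(c_resp)
    expected = respond(ek, b"controller", c_nonce, e_nonce)
    return True, hmac.compare_digest(c_resp, expected), wire
```

Fresh nonces on both sides make every response unique to one session, so a captured response cannot be replayed in a later one.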
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Unified Access Control Administration Guide
- Understanding UAC in a JUNOS Environment
- Configuring Communications Between the JUNOS Enforcer and the Infranet Controller (CLI Procedure)