destination-identity-context

Syntax

Hierarchy Level

Description

Identifies users and roles to be used as match criteria for a policy. If a value other than any is specified as match criteria for a policy within a zone pair, the traffic is matched to table entries to retrieve associated user and roles before policy lookup occurs. Users and roles are retrieved from the local authentication table or from a UIT pushed to the SRX Series firewall from an access control service when a user is authenticated.

We recommend that you don't configure captive portal, when you use destination-identity-context with identity-context-unauthenticated option.

Options

The following entries specify the destination identities that match a policy:

`user-or-role-name`	A list of specific users and roles. Range: 0 through 39 characters. SRX Series firewall truncate imported roles to 39 characters. You need to ensure that all of your roles are 39 characters or less.
any	Any user or role, as well as the keywords identity-context-authenticated, identity-context-unauthenticated, and identity-context-unavailable.
identity-context-authenticated	All users and roles that have been authenticated.
identity-context-unauthenticated	Any user or role that does not have an IP-address mapped to authentication destination and the authentication destination is up and running.
identity-context-unavailable	Any user or role that does not have an IP address mapped to authentication destination, because the authentication destination is disconnected from the SRX Series firewall. In this case, users are unable to be authenticated due to an authentication server disconnection, such as a power outage. Unavailable user must be configured for non-domain users to be able to authenticate and log in.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 23.4R1.