source-end-user-profile
Syntax
source-end-user-profile device-identity-profile-name;
Hierarchy Level
[edit security policies from-zone from-zone to-zone to-zone policy policy-name match]
Description
The source-end-user-profile
field in
a security policy enables you to specify a device identity profile
that identifies the traffic source based on the device from which
the traffic issued. The security policy action is applied to traffic
issuing from a device if the device matches the attributes specified
in the profile and it matches the rest of the security policy parameters.
The device identity profile feature provides a solution for cases in which you cannot or do not want to use the user identity to control access to network resources. The device identity feature allows you to use the identity of a device and its attributes to control access to network resources instead of the identity of the user of that device.
You might want to control network access based on the device identity for various reasons. For example, you might allow your users to use their own devices (BYOD) to access network resources and you do not want to use captive portal authentication. Also, some companies might have older switches that do not support 802.1, or they might not have a Network Access Control (NAC) system.
Options
device-identity-profile-name | Device identity profile that specifies characteristics that can apply to one or more devices. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X49-D70.