compliance (Juniper Secure Connect)
Syntax
compliance {
    pre-logon name {
        term term-name {
            match {
                platform {
                    (android | ios | macos | windows) {
                        (app-version | os-version) {
                            (equal | greater-than | greater-than-or-equal | less-than | less-than-or-equal) version;
                        }
                    }
                }
                hostname value;
                ms-domain value;
                ms-workgroup value;
                deviceid value;
            }
            action (accept | reject);
        }
    }
}
Hierarchy Level
[edit security remote-access]
Description
The statement defines Juniper Secure Connect remote-access prelogon compliance policies. You associate a single compliance rule object with each remote-access connection profile; that is, a remote-access connection profile can have one associated compliance policy. The Juniper Secure Connect application sends details to the SRX Series Firewall, and the device performs the prelogon compliance checks. Based on the prelogon compliance rule match, the device accepts or rejects the connection.
You can create multiple prelogon compliance policies and each policy can contain multiple term rules. The term rules are a set of individual rules containing match conditions and their actions based on the compliance parameters listed in the options below. You can associate a single compliance rule object per remote-access connection profile.
Evaluation Criteria
For every connection request, SRX Series Firewall processes each rule as follows:
- SRX Series Firewall evaluates the term rules in the order they appear in the configuration.
- If there is no match in the current term rule, it evaluates the next term rule.
- Based on the match, it takes an action.
- When there is no action specified, the default action for a match rule is reject.
- When no further term rule is specified for an unmatched rule, the default action is reject.
- When no compliance rule is attached to the profile, the default action is accept.
Based on these evaluation criteria, the administrator defines rules.
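The evaluation order above, modelled as an added Python example (not Juniper code or device output), shows where the default reject and default accept apply. It assumes that every condition in a term must hold and that versions compare as dotted integers; the policy, term names and client records are constructed.

```python
import operator

OPS = {"equal": operator.eq, "greater-than": operator.gt,
       "greater-than-or-equal": operator.ge, "less-than": operator.lt,
       "less-than-or-equal": operator.le}

def vtuple(version):
    # Assumption: versions compare as dotted integers, e.g. "10.0.19045".
    return tuple(int(part) for part in version.split("."))

def term_matches(match, client):
    # Assumption: all conditions present in a term must hold (logical AND).
    plat = match.get("platform")
    if plat:
        if client.get("platform") != plat["name"]:
            return False
        for field in ("app-version", "os-version"):
            if field in plat:
                op, wanted = plat[field]
                if not OPS[op](vtuple(client[field]), vtuple(wanted)):
                    return False
    for key in ("hostname", "ms-domain", "ms-workgroup", "deviceid"):
        if key in match and client.get(key) not in match[key]:
            return False
    return True

def evaluate(policy, client):
    if policy is None:                 # no compliance rule attached to the profile
        return "accept"
    for term in policy:                # terms are tried in configuration order
        if term_matches(term["match"], client):
            return term.get("action", "reject")   # matched, no action given
    return "reject"                    # no term matched

# Constructed policy: three terms, the last one deliberately without an action.
POLICY = [
    {"name": "old-windows", "action": "reject",
     "match": {"platform": {"name": "windows", "os-version": ("less-than", "10.0")}}},
    {"name": "corp-windows", "action": "accept",
     "match": {"platform": {"name": "windows"}, "ms-domain": {"corp.example"}}},
    {"name": "macs-no-action", "match": {"platform": {"name": "macos"}}},
]

# Constructed client records, as the application might report them.
WIN7 = {"platform": "windows", "os-version": "6.1", "ms-domain": "corp.example"}
WIN10_CORP = {"platform": "windows", "os-version": "10.0.19045", "ms-domain": "corp.example"}
WIN10_HOME = {"platform": "windows", "os-version": "10.0.19045"}
MAC = {"platform": "macos", "os-version": "14.2"}
```

In this model a profile with no policy attached accepts every client, while a policy whose terms never match, or match without an action, rejects.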
Options
pre-logon | Define pre-login compliance rule; specify the compliance rule name.
term | Define compliance rule term; specify the term rule name.
action | Specify the action based on the rule match.
match | Specify rules to match.
platform | Specify rule to match OS and Client information for the specified OS.
app-version | Match remote access client version with the specified operational values.
os-version | Match operating system version with the specified operational values.
version | Specify version.
deviceid | Specify set of device IDs.
hostnames | Specify set of host names.
ms-domain | Specify set of domain names.
ms-workgroup | Specify set of work groups.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 23.1R1.