compliance (Juniper Secure Connect)

Syntax

Hierarchy Level

Description

This statement defines Juniper Secure Connect remote-access prelogon compliance policies. You associate a single compliance rule object per remote-access connection profile; that is, a remote-access connection profile can have one associated compliance policy. The Juniper Secure Connect application sends details to the SRX Series Firewall, and the device performs prelogon compliance checks. Based on the prelogon compliance rule match, the connection is accepted or rejected.

You can create multiple prelogon compliance policies, and each policy can contain multiple term rules. The term rules are a set of individual rules containing match conditions and their actions, based on the compliance parameters listed in the options below.

Evaluation Criteria

For every connection request, the SRX Series Firewall processes each rule as follows:

  1. SRX Series Firewall evaluates the term rules in the order they appear in the configuration.

  2. If there is no match in the current term rule, it evaluates the next term rule.

  3. Based on the match, it takes an action.

  4. When there is no action specified, the default action for a matched rule is reject.

  5. When no further term rule is specified for an unmatched rule, the default action is reject.

  6. When no compliance rule is attached to the profile, the default action is accept.

Based on these evaluation criteria, the administrator defines rules.
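The evaluation order above, modelled in Python as an added example (this is not Juniper's code and not Junos configuration syntax). The dictionary layout, the AND-combination of conditions inside one term, the numeric dotted-version comparison, and all sample values are assumptions made for illustration.

```python
import operator

# Comparison operators named on this page for app-version / os-version.
OPS = {
    "equal": operator.eq,
    "greater-than": operator.gt,
    "greater-than-or-equal": operator.ge,
    "less-than": operator.lt,
    "less-than-or-equal": operator.le,
}

def parse_version(text):
    """'23.4.13' -> (23, 4, 13). Assumption: compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def term_matches(match, client):
    """Assumption: every condition present in a term must hold (logical AND)."""
    if "platform" in match and client["platform"] != match["platform"]:
        return False
    if "app-version" in match:
        op, wanted = match["app-version"]
        if not OPS[op](parse_version(client["app-version"]), parse_version(wanted)):
            return False
    if "hostnames" in match and client["hostname"] not in match["hostnames"]:
        return False
    return True

def evaluate(policy, client):
    """Return 'accept' or 'reject' following the six evaluation steps."""
    if policy is None:                           # step 6: no rule attached to the profile
        return "accept"
    for term in policy:                          # steps 1-2: in order, fall through on no match
        if term_matches(term["match"], client):
            return term.get("action", "reject")  # steps 3-4: a match with no action rejects
    return "reject"                              # step 5: no term matched

# Constructed sample policy and clients (hypothetical names and versions).
POLICY = [
    {"name": "old-client", "match": {"platform": "windows", "app-version": ("less-than", "23.4.13")}},
    {"name": "corp-hosts", "match": {"platform": "windows", "hostnames": {"corp-lt-01"}}, "action": "accept"},
]
CLIENTS = {
    "outdated": {"platform": "windows", "app-version": "23.4.9", "hostname": "corp-lt-01"},
    "current": {"platform": "windows", "app-version": "23.4.13", "hostname": "corp-lt-01"},
    "unknown-mac": {"platform": "macos", "app-version": "24.1.0", "hostname": "home-mac"},
}

if __name__ == "__main__":
    for label, client in CLIENTS.items():
        print(label, evaluate(POLICY, client), "| no policy attached:", evaluate(None, client))
```

In this model the same unknown client is rejected once any rule is attached and accepted when none is, which is why step 6 matters when auditing connection profiles.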

Options

pre-logon

Define pre-login compliance rule; specify the compliance rule name.

  • Values:

    • Format: String beginning with a number or letter and consisting of letters, numbers, dashes and underscores.

    • Range: Supports up to 255 prelogon compliance rules.

term

Define compliance rule term; specify the term rule name.

  • Values:

    • Format: Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.

    • Range: Supports up to 10 term rules per compliance rule.

action

Specify the action based on the rule match.

  • Values:

    • accept—To approve the request.

    • reject—To reject the request. This is the default action for an unmatched rule when no further term rule is specified.

    • Default: When no action is specified, the default action is reject.

match

Specify rules to match.

platform

Specify rule to match OS and Client information for the specified OS.

  • Values:

    • android—Specify Android version and app-version.

    • ios—Specify iOS version and app-version.

    • macos—Specify macOS version and app-version.

    • windows—Specify Windows OS version and app-version.

app-version

Match remote access client version with the specified operational values.

  • Values:

    • equal—Perform operation 'equal'.

    • greater-than—Perform operation 'greater-than'.

    • greater-than-or-equal—Perform operation 'greater-than-or-equal'.

    • less-than—Perform operation 'less-than'.

    • less-than-or-equal—Perform operation 'less-than-or-equal'.

os-version

Match operating system version with the specified operational values.

  • Values:

    • equal—Perform operation 'equal'.

    • greater-than—Perform operation 'greater-than'.

    • greater-than-or-equal—Perform operation 'greater-than-or-equal'.

    • less-than—Perform operation 'less-than'.

    • less-than-or-equal—Perform operation 'less-than-or-equal'.

version

Specify version.

  • Values:

    • app-version supports numeric and . (period) characters.

    • os-version supports alphanumeric and . (period) characters.

  • Range:

    • app-version supports up to 16 entries per term rule.

    • os-version supports up to 16 entries per term rule.

deviceid

Specify set of device IDs.

  • Values:

    • Supports alphanumeric, +, /, and = characters.

      This is a list of values.

  • Range:

    • Supports up to 1024 entries per term.

hostnames

Specify set of host names.

  • Values:

    • Supports alphanumeric, - and _ characters.

      This is a list of values.

  • Range:

    • Supports up to 1024 entries per term rule.

ms-domain

Specify set of domain names.

  • Values:

    • Supports alphanumeric, - and _ characters.

      This is a list of values.

  • Range:

    • Supports up to 16 entries per term rule.

ms-workgroup

Specify set of work groups.

  • Values:

    • Supports alphanumeric, - and _ characters.

      This is a list of values.

  • Range:

    • Supports up to 16 entries per term rule.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 23.1R1.