infranet-controller
Syntax
infranet-contoller host-name {
address ip-address;
ca-profile [ca-profile];
interface interface-name;
password password;
port port-number;
server-certificate-subject subject;
}
Hierarchy Level
[edit services unified-access-control ]
Description
To configure an Infranet Controller, specify the hostname of the IC Series device with which the SRX Series Firewall should communicate. Possible values for this statement range from 1 to 31 characters.
This statement is required when you are configuring the SRX Series Firewall to act as a Junos OS Enforcer in a Unified Access Control (UAC) deployment. When deployed as a Junos OS Enforcer, the SRX Series Firewall enforces the policies that are defined on the UAC’s IC Series device.
One or more IC Series devices can be configured as Infranet Controllers on the SRX Series Firewall. There is no maximum number of IC Series devices that can be configured. However, only one IC Series device can be active at any time. The others are failover devices. A round-robin algorithm determines which of the configured IC Series devices is the active Infranet Controller. If the active Infranet Controller becomes inoperative, the algorithm is reapplied to the remaining IC Series devices that are configured to establish the new active Infranet Controller.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.4.