web-server (Services)
Syntax
web-server { server-name; address address; connect-method (http | https); port port; }
Hierarchy Level
[edit services user-identification authentication-source (Services User Identification ClearPass) aruba-clearpass user-query (Services User Identification)]
Description
Specify the name of the webserver configuration on the SRX Series Firewall used for the user query integrated ClearPass authentication and enforcement function. The webserver is the ClearPass server to which the SRX Series Firewall connects to request authentication and identity information for an individual user.
When information for the individual user is not posted to the SRX Series Firewall by ClearPass through Web API POST request messages, the SRX Series Firewall can request this information from the ClearPass Policy Manager (CPPM) under certain circumstances. You must enable the user query function by configuring it.
address- Configure for the integrated ClearPass authentication and enforcement feature the address of the ClearPass webserver that the SRX Series Firewall communicates with. The SRX Series Firewall requests user authentication and identity information for an individual user from the ClearPass webserver whose address is configured. If you configure the user query function, the SRX Series Firewall can obtain this information for a specific user when it does not receive it from the ClearPass Policy Manager through Web API POST requests.
connect-method- Configure the application protocol used for the SRX Series Firewall connection to the ClearPass Policy Manager (CPPM) for user query requests. You identify the connection protocol as part of the configuration that identifies the CPPM server. The user query function allows the SRX Series Firewall to request from the CPPM user authentication and identity information for an individual user.
port- Configure the port on the Juniper Identity Management Service server that the SRX Series Firewall uses to connect to the server.
Options
server-name | Specify the Web server name. |
address | Specify the IP address or hostname of web server. |
http | Configure HTTP as the connection protocol to use for the SRX Series integrated ClearPass authentication and enforcement feature’s connection to the ClearPass Policy Manager (CPPM) webserver for individual user authentication queries. You can identify the connection protocol as part of the configuration that identifies the CPPM webserver (mutually exclusive with HTTPS). If the SRX Series Firewalls does not find an authentication entry for a user in its local ClearPass authentication table, it can query the Aruba ClearPass webserver for this information. |
https | Configure HTTPS as the connection protocol used for the SRX Series connection to the ClearPass Policy Manager (CPPM) for user query requests. You identify the connection protocol as part of the configuration that identifies the CPPM webserver. The integrated ClearPass authentication and enforcement user query function allows the SRX Series Firewall to request from the CPPM user authentication and identity information for an individual when the SRX Series ClearPass authentication table does not contain that information. The http and https configuration assumes that aruba-clearpass is specified as the authentication source. The Web API process, acting as an HTTP server, exposes to the Aruba ClearPass Policy Manager (CPPM) an API that allows the CPPM, acting as a client, to send POST request messages to it. The CPPM, which serves as the authentication source, initiates the session to the SRX Series Firewall and sends it user authentication and identity information.
|
port | Specify the Web server port number.
|
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.3X48-D30.