About the Active Directory Page
You are here: Security Services > Firewall Authentication > Active Directory.
Use this page to configure Active Directory.
Table 1 describes the fields on the Active Directory page.
Field | Description |
---|---|
General Information | |
General | |
No on Demand Probe | Enable the manual on-demand probing of a domain PC as an alternate method for the SRX Series device to retrieve address-to-user mapping information. |
Timeout | |
Authentication Entry Timeout | Set the timeout to 0 to prevent the user's entry from being removed from the authentication table after the timeout. Note: When a user is no longer active, a timer is started for that user’s entry in the Active Directory authentication table. When the time is up, the user’s entry is removed from the table. Entries in the table remain active as long as there are sessions associated with the entry. The default authentication entry timeout is 30 minutes. Starting in Junos OS Release 19.2R1, the default value is 60 minutes. To disable timeout, set the interval to zero. The range is 10 through 1440 minutes. |
WMI Timeout | Enter the number of seconds that the domain PC has to respond to the SRX Series device’s query through Windows Management Instrumentation (WMI) or Distributed Component Object Model (DCOM). If no response is received from the domain PC within the wmi-timeout interval, the probe fails and the system either creates an invalid authentication entry or updates the existing authentication entry as invalid. If an authentication table entry already exists for the probed IP address, and no response is received from the domain PC within the wmi-timeout interval, the probe fails and that entry is deleted from the table. The range is 3 through 120 seconds. |
Invalid Authentication Entry Timeout | Enter a value. The range is 10 through 1440 minutes. When a user is no longer active, a timer is started for that user’s entry in the Active Directory authentication table. When the time is up, the user’s entry is removed from the table. If this value is not configured, all invalid authentication entries from Active Directory use the default value of 30 minutes. |
Firewall Authentication Forced Timeout | Enter a value. The range is 10 through 1440 minutes. This is the firewall authentication fallback time. Set the timeout to 0 to prevent the user's entry from being removed from the authentication table after the timeout. |
Filter | |
Include | Enable to include IP addresses from the Available column. Click the Add icon (+) to create a new IP address and add it as either include or exclude from monitoring. Click the Delete icon to delete a new IP address and add it as either include or exclude from monitoring. |
Exclude | Enable to exclude IP addresses from the Available column. Click the Add icon (+) to create a new IP address and add it as either include or exclude from monitoring. Click the Delete icon to delete a new IP address and add it as either include or exclude from monitoring. |
Domain Settings | |
Test | Click Test to check the domain connection status. The test:Status page appears and displays the status. |
+ | Click + to add a domain. The Add Domain page appears. Note:
|
General | |
Domain Name | Enter the name of the domain. The range for the domain name is 1 through 64 characters. |
Username | Enter the username for the Active Directory account. The range for the username is 1 through 64 characters. Example: admin |
Password | Enter the password for the Active Directory account. The range for the password is 1 through 128 characters. Example: A$BC123 |
Domain Controller(s) | |
Domain Controller(s) | Click the add icon (+) to add domain controller settings.
|
User Group Mapping (LDAP) | |
User Group Mapping (LDAP) | Click the add icon (+):
|
Base Distinguish Name | Enter the LDAP base distinguished name (DN). Example: DC=example,DC=net |
Username | Enter the username of the LDAP account. If no username is specified, the system will use the configured domain controller’s username. |
Password | Enter the password for the account. If no password is specified, the system uses the configured domain controller’s password. |
Use SSL | Enable Secure Sockets Layer (SSL) to ensure secure transmission with the LDAP server. This option is disabled by default, in which case the password is sent in plaintext. |
Authentication Algorithm | Enable this option to specify the algorithm used while the SRX Series device communicates with the LDAP server. By default, simple is selected, which configures simple (plaintext) authentication mode. |
IP User Mapping | |
Discovery Method (WMI) | Enable the method of discovering IP address-to-user mappings. WMI—Windows Management Instrumentation (WMI) is the discovery method used to access the domain controller. This option should be enabled only for internal hosts or trusted hosts. |
Event Log Scanning Interval | Enter the scanning interval at which the SRX Series device scans the event log on the domain controller. The range is 5 through 60 seconds. Default value is 60 seconds. |
Initial Event Log TimeSpan | Enter the time of the earliest event log on the domain controller that the SRX Series device will initially scan. This scan applies to the initial deployment only. After WMIC and the user identification start working, the SRX Series device scans only the latest event log. The range is 1 through 168 hours. Default value is 1 hour. |
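
The ranges and defaults in Table 1 can be checked mechanically before a change is applied. The following is an added example, not Juniper code: it audits a constructed settings dictionary against those ranges and flags the plaintext LDAP default. The key names and the `audit` function are hypothetical and do not correspond to any J-Web or Junos export format.

```python
# Added example. Keys are hypothetical names for the Table 1 fields; this is
# not a J-Web or Junos export format.

# field: (min, max, unit, zero_disables_timeout), all taken from Table 1
RANGES = {
    "authentication_entry_timeout": (10, 1440, "minutes", True),
    "wmi_timeout": (3, 120, "seconds", False),
    "invalid_authentication_entry_timeout": (10, 1440, "minutes", False),
    "firewall_authentication_forced_timeout": (10, 1440, "minutes", True),
    "event_log_scanning_interval": (5, 60, "seconds", False),
    "initial_event_log_timespan": (1, 168, "hours", False),
}
# string field: maximum length in characters (minimum is 1)
MAX_LEN = {"domain_name": 64, "username": 64, "password": 128}


def audit(settings):
    """Return (severity, field, message) findings for one domain's settings."""
    findings = []
    for field, (low, high, unit, zero_ok) in RANGES.items():
        if field not in settings:
            continue  # unset: the device default applies
        value = settings[field]
        if value == 0 and zero_ok:
            findings.append(("warn", field, "timeout disabled, entries never age out"))
        elif not low <= value <= high:
            findings.append(("error", field, f"{value} is outside {low}-{high} {unit}"))
    for field, limit in MAX_LEN.items():
        if not 1 <= len(settings.get(field, "")) <= limit:
            findings.append(("error", field, f"length must be 1-{limit} characters"))
    ldap = settings.get("ldap")
    if ldap is not None and not ldap.get("use_ssl", False):  # Use SSL defaults to off
        findings.append(("warn", "ldap.use_ssl", "LDAP password is sent in plaintext"))
    return findings


# Constructed sample input: a weak configuration and its corrected form.
WEAK = {
    "domain_name": "example.net", "username": "admin", "password": "A$BC123",
    "authentication_entry_timeout": 0, "wmi_timeout": 2,
    "event_log_scanning_interval": 60,
    "ldap": {"base_dn": "DC=example,DC=net", "authentication_algorithm": "simple"},
}
HARDENED = dict(WEAK, authentication_entry_timeout=60, wmi_timeout=10,
                ldap=dict(WEAK["ldap"], use_ssl=True))

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(*finding, sep=": ")
    print("hardened findings:", audit(HARDENED))
```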