Add a Juniper Identity Management Service Profile
You are here: Security Services > Firewall Authentication > JIMS.
To add a Juniper Identity Management Service (JIMS) profile:
Field | Action |
---|---|
General Information | |
Connection for Primary and Secondary Juniper Identity Management Service | |
Connection Type | Select a connection type from the list. The options available are: HTTPS and HTTP. |
Port | Enter the port number or press up or down arrow to either increment or decrement the port number. The default value is 443. |
Primary IP Address | Enter the primary IP address of the JIMS server. |
Primary CA Certificate | Specifies the primary certificate of the JIMS. SRX Series Firewall will use it to verify JIMS’s certificate for SSL connection. Select Upload CA certificate to device or specify the path of the file on device. |
Primary CA Certificate file upload | Enables you to locate and upload the CA certificate. Click Browse to locate the CA certificate on your device and click Upload the selected CA certificate. |
Primary CA Certificate file path | Enter a file path of the primary CA certificate. |
Primary Client ID | Enter the primary client ID that the SRX Series Firewall uses to obtain an access token. It must be consistent with the configuration of the API client created on JIMS. |
Primary Client Secret | Specifies the client secret that the SRX Series Firewall uses to obtain an access token. Enter the password that enables access to the primary identity management server. It must be consistent with the configuration of the API client created on JIMS. |
Secondary Juniper Identity Management Service Server | Enables a secondary JIMS server, its IP address, CA certificate, client ID, and client secret. Note: If you enable this option, the Secondary IP Address, Secondary CA Certificate file upload, Secondary Client ID, and Secondary Client Secret rows are displayed. Enter the IP address of the secondary server, browse and upload the secondary CA certificate, and enter the secondary client ID and secret in the respective fields. |
Token API | Enter the token API to specify the path of the URL for acquiring an access token. Default is 'oauth_token/oauth'. |
Query API | Enter the path where the URL for querying user identities is located. Default is 'user_query/v2'. Click Next. The Advanced Settings page is displayed. |
Advanced Settings | |
Batch Query | |
Item Per Batch | Specifies the maximum number of items in one batch query. Enter the number of items. Range is 100 to 1000 and the default number is 200. |
Query Interval | Specifies the interval for querying the newly generated user identities. Enter the number of seconds you need between each query. The range is 1 through 60 (seconds), and the default value is 5. |
IP Query | |
Query Delay Time | Specifies the time delay before sending an individual IP query. Enter the time in seconds. The range is 0 through 60 (seconds). The default value is 15 seconds, which depends on the delay time of the auth entry retrieved from JIMS to SRX. |
No IP Query | Select the check box if you want to disable the IP query function that is enabled by default. |
Authentication Timeout | |
Authentication Entry Timeout | Specifies the timeout value for an authentication entry in identity management. Enter the value in minutes. The value is 0 or in the range 10 through 1440 (minutes), and the default value is 60. The timeout interval begins when the authentication entry is added to the identity-management authentication table. If a value of 0 is specified, no timeout applies and the entries never expire. |
Invalid Authentication Entry Timeout | Specifies the timeout value of an invalid auth entry in the SRX Series authentication table for either Windows Active Directory or Aruba ClearPass. Enter the value in minutes. The value is 0 or in the range 10 through 1440 (minutes), and the default value is 60. 0 means no need for a timeout. |
Filter Note: You can select an address set with a maximum of 20 IP addresses and an address set with wildcard addresses. | |
Include IP Address Book | Select an IP address book from the predefined address book in which an address set must be selected as IP filter. |
Include IP Address Set | Specifies the predefined address set selected as IP filter. Select an IP address set from the list. To add a new address set for the IP address book, click Add New Address Set. |
Exclude IP Address Book | Select an IP address book that you want identity management profile to exclude. |
Exclude IP Address Set | Select the predefined address set that you want identity management profile to exclude. |
Filter to Domain | Enter one or more Active Directory domains for the SRX Series Firewall. You can specify up to twenty domain names for the filter. |
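
A pre-change check for a planned JIMS profile, as an added example that is not part of the Juniper documentation or of J-Web: it applies the ranges and defaults from the table above, including the "0 or 10 through 1440" timeout rule, and flags the HTTP connection type and never-expiring authentication entries for review. The dictionary key names are hypothetical, and treating the IP address, client ID and client secret as mandatory is an assumption.

```python
# Added example, not Juniper code. Dict keys are hypothetical names mirroring
# the J-Web labels; ranges and defaults are the ones given in the table.
DEFAULTS = {"connection_type": "HTTPS", "port": 443, "items_per_batch": 200,
            "query_interval": 5, "query_delay_time": 15,
            "auth_entry_timeout": 60, "invalid_auth_entry_timeout": 60,
            "filter_domains": [], "secondary_enabled": False}
RANGES = {"items_per_batch": (100, 1000), "query_interval": (1, 60),
          "query_delay_time": (0, 60)}  # inclusive bounds
TIMEOUTS = ("auth_entry_timeout", "invalid_auth_entry_timeout")

def lint_jims_profile(profile):
    """Return (errors, warnings) for a planned JIMS profile."""
    p = {**DEFAULTS, **profile}
    errors, warnings = [], []
    for key, (low, high) in RANGES.items():
        if not low <= p[key] <= high:
            errors.append(f"{key}={p[key]} outside {low}-{high}")
    for key in TIMEOUTS:
        # Allowed: 0, or 10 through 1440 minutes. Values 1-9 are invalid.
        if p[key] != 0 and not 10 <= p[key] <= 1440:
            errors.append(f"{key}={p[key]} must be 0 or 10-1440")
    if len(p["filter_domains"]) > 20:
        errors.append("filter_domains: more than 20 domains")
    https = p["connection_type"].upper() == "HTTPS"
    sides = ["primary"] + (["secondary"] if p["secondary_enabled"] else [])
    for side in sides:
        # Assumption: IP address, client ID and client secret are mandatory.
        for field in ("ip", "client_id", "client_secret"):
            if not p.get(f"{side}_{field}"):
                errors.append(f"{side}_{field} is required")
        if https and not p.get(f"{side}_ca_cert"):
            warnings.append(f"{side}_ca_cert not set: no CA certificate to verify JIMS")
    if not https:
        warnings.append("HTTP: client secret and access token are sent unencrypted")
    if p["auth_entry_timeout"] == 0:
        warnings.append("auth_entry_timeout=0: authentication entries never expire")
    return errors, warnings

# Constructed sample plan (192.0.2.0/24 is a documentation address range).
SAMPLE = {"connection_type": "HTTP", "primary_ip": "192.0.2.10",
          "primary_client_id": "srx-fw1", "primary_client_secret": "example-secret",
          "secondary_enabled": True, "secondary_ip": "192.0.2.11",
          "query_interval": 0, "auth_entry_timeout": 5}

if __name__ == "__main__":
    for level, messages in zip(("ERROR", "WARN"), lint_jims_profile(SAMPLE)):
        for message in messages:
            print(level, message)
```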