Add an Access Profile
You are here: Security Services > Firewall Authentication > Access Profile.
To add an access profile:
Field | Description |
---|---|
Name | Enter a name for the access profile. The name must be a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 64 characters. |
Address assignment | Select an address pool from the list that can be used by different client applications. Click Create Address Pool to add a new address pool. For more information on creating a new address pool, see Add an Address Pool.<br>Note: If you have selected an address pool in Address Assignment, you need not assign an address pool for LDAP while creating allowed groups.<br>Note: On platforms with the junos-ike package installed, address assignment supports IPv6 addresses in Juniper Secure Connect > Local Gateway > User Authentication > Create Access Profile > Create Address Pool. |
Authentication | |
Local | Select Local to configure local authentication services. To create a new local authentication user:<br>To edit, select the local authentication user configuration and click the pencil icon. To delete, select the local authentication user configuration and click the delete icon. |
RADIUS | Select RADIUS to configure RADIUS authentication services. To create a new RADIUS server:<br>To edit, select the RADIUS server configuration and click the pencil icon. To delete, select the RADIUS server configuration and click the delete icon. |
LDAP | Select LDAP to configure LDAP authentication services. To create a new LDAP server:<br>To edit, select the LDAP server configuration and click the pencil icon. To delete, select the LDAP server configuration and click the delete icon. |
LDAP Options | |
Base Distinguished Name | Enter the base distinguished name that defines the user's basic properties. For example, in the base distinguished name o=juniper, c=us, c stands for country and o stands for organization. |
Revert Interval | Specifies the amount of time that elapses before the primary server is contacted if a backup server is being used. Use the up and down arrows to set the revert interval. The range is 60 through 4294967295. |
LDAP Option Type | Select an LDAP option from the list: |
Common Name | Enter a common name identifier used as a prefix for the username during the assembly of the user's distinguished name. This option is available when you select the Assemble LDAP option type. |
Search Filter | Enter the name of the filter used to find the user's LDAP distinguished name. This option is available when you select the Search LDAP option type. |
Admin Search | Enable this option to perform an LDAP administrator search. By default, the search is an anonymous search. This option is available when you select the Search LDAP option type. |
Distinguished Name | Enter the distinguished name of an administrative user. The distinguished name is used in the bind for performing the LDAP search. This option is available when Admin Search is enabled. |
Secret | Enter the plain-text password for the administrative user. This option is available when Admin Search is enabled. |
Allowed groups | Note: Starting in Junos OS Release 23.2R1, J-Web supports the Allowed Groups option on the Access Profile page. This option is not supported on the SRX300 line of Firewalls and the SRX550HM Firewall.<br>Configure groups that are allowed to sign in. Users can configure a maximum of 32 groups, and group lists are limited to 255 bytes. The order in which the membership attribute is received from the LDAP server determines how a user is associated with the configured (allowed) groups. To match the user, the first group in the list received from the LDAP server that matches any of the configured groups is used. Any user who is a member of more than one group can obtain resources from either group, depending on the order of the LDAP server's response. To ensure that the user is assigned the intended resource with certainty, it is recommended that the user belong to only one group.<br>To configure allowed groups:<br>You can also edit and delete allowed groups using the edit icon and delete icon, respectively. |
Authentication Order | |
Order 1 | Select one or more of the following authentication methods: |
Order 2 | Select the authentication method from the list. |
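
The first-match rule for allowed groups described in the table above, modeled as an added Python example (not Juniper code), together with a check that lists users whose result depends on the LDAP response order. It assumes group names are compared as exact strings; `resolve_group`, `order_dependent_users`, and the sample directory are hypothetical names and constructed data.

```python
# Added example, not Juniper code: models the first-match rule for allowed groups.
# Assumptions: group names are compared as exact strings; all data is constructed.

MAX_ALLOWED_GROUPS = 32  # limit stated on the page


def resolve_group(received_groups, allowed_groups):
    """Return the first group, in LDAP response order, that is an allowed group.

    Returns None when the user belongs to no allowed group.
    """
    if len(allowed_groups) > MAX_ALLOWED_GROUPS:
        raise ValueError("more than 32 allowed groups configured")
    allowed = set(allowed_groups)
    for group in received_groups:
        if group in allowed:
            return group
    return None


def order_dependent_users(directory, allowed_groups):
    """Return {user: [allowed groups held]} for users in more than one allowed group.

    For these users the result of resolve_group changes with the response order.
    """
    allowed = set(allowed_groups)
    findings = {}
    for user, received in directory.items():
        hits = list(dict.fromkeys(g for g in received if g in allowed))
        if len(hits) > 1:
            findings[user] = hits
    return findings


# Constructed sample: membership values in the order the LDAP server returned them.
ALLOWED = ["vpn-staff", "vpn-contractors"]
DIRECTORY = {
    "alice": ["engineering", "vpn-staff"],
    "bob": ["vpn-contractors", "vpn-staff"],
    "carol": ["finance"],
}

if __name__ == "__main__":
    for name, groups in DIRECTORY.items():
        print(name, "->", resolve_group(groups, ALLOWED))
    # Same membership for bob, reversed response order, different matched group.
    print("bob reordered ->", resolve_group(DIRECTORY["bob"][::-1], ALLOWED))
    print("order-dependent:", order_dependent_users(DIRECTORY, ALLOWED))
```

Running the check against a directory export before adding a group to the allowed list shows which accounts should be reduced to a single allowed group.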