- play_arrow Junos Space Security Director
- play_arrow Dashboard
- play_arrow Overview
-
- play_arrow Monitor
- play_arrow Events and Logs-All Events
- Events and Logs Overview
- Creating Alerts
- Creating Reports
- Creating Filters
- Grouping Events
- Using Events and Logs Settings
- Selecting Events and Logs Table Columns
- Viewing Threats
- Viewing Data for Selected Devices
- Using the Detailed Log View
- Using the Raw Log View
- Showing Exact Match
- Using Filter on Cell Data
- Using Exclude Cell Data
- Showing Firewall Policy
- Showing Source NAT Policy
- Showing Destination NAT Policy
- Downloading Packets Captured
- Showing Attack Details
- Using Filters
- play_arrow Events and Logs-Firewall
- play_arrow Events and Logs-Web Filtering
- play_arrow Events and Logs-VPN
- play_arrow Events and Logs-Content Filtering
- play_arrow Events and Logs-Antispam
- play_arrow Events and Logs-Antivirus
- play_arrow Events and Logs-IPS
- play_arrow Events and Logs-Screen
- play_arrow Events and Logs-ATP Cloud
- play_arrow Events and Logs-Apptrack
- play_arrow Threat Prevention-Hosts
- play_arrow Threat Prevention-C&C Servers
- play_arrow Threat Prevention-HTTP File Download
- play_arrow Threat Prevention-Email Quarantine and Scanning
- play_arrow Threat Prevention-IMAP Block
- play_arrow Threat Prevention-Manual Upload
- play_arrow Threat Prevention-Feed Status
- play_arrow Threat Prevention-All Hosts Status
- play_arrow Threat Prevention-DDoS Feeds Status
- play_arrow Applications
- play_arrow Live Threat Map
- play_arrow Threat Monitoring
- play_arrow Alerts and Alarms - Overview
- play_arrow Alerts and Alarms-Alerts
- play_arrow Alerts and Alarms-Alert Definitions
- play_arrow Alerts and Alarms-Alarms
- play_arrow VPN
- play_arrow Insights
- play_arrow Job Management
- Using Job Management in Security Director
- Overview of Jobs in Security Director
- Archiving and Purging Jobs in Security Director
- Viewing the Details of a Job in Security Director
- Canceling Jobs in Security Director
- Reassigning Jobs in Security Director
- Rescheduling and Modifying the Recurrence of Jobs in Security Director
- Retrying a Failed Job on Devices in Security Director
- Exporting the Details of a Job in Security Director
- Job Management Main Page Fields
- play_arrow Audit Logs
- play_arrow Packet Capture
- play_arrow NSX Inventory-Security Groups
- play_arrow vCenter Server Inventory-Virtual Machines
- play_arrow Data Plane Packet Capture
-
- play_arrow Devices
- play_arrow Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Add Devices to Juniper Security Director Cloud
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Performing Commit Check
- Logical Systems Overview
- Tenant Systems Overview
- Create a Logical System
- Create a Tenant System
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Link Aggregation for Security Devices
- Modifying the User Management Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Modifying the IPS Configuration for Security Devices
- Modifying the SSL Initiation Profile for Security Devices
- Modifying the ICAP Redirect Profile for Security Devices
- Configuring Aruba ClearPass for Security Devices
- Configuring APBR Tunables for Security Devices
- Modifying the Express Path Configuration for Security Devices
- Modifying the Device Information Source Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- play_arrow Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- play_arrow Secure Fabric
- play_arrow NSX Managers
- Understanding Juniper Connected Security for VMware NSX Integration
- Understanding Juniper Connected Security for VMware NSX-T Integration
- Before You Deploy vSRX in VMware NSX Environment
- Before You Deploy vSRX in VMware NSX-T Environment
- About the NSX Managers Page
- Download the SSH Key File
- Add the NSX Manager
- Registering Security Services
- Editing NSX Managers
- Viewing Service Definitions
- Deleting the NSX Manager
- Delete the NSX-T Manager
- Deploying the vSRX as an Advanced Security Service in a VMware NSX Environment
- Deploy the vSRX as an Advanced Security Service in a VMware NSX-T Environment
- play_arrow vCenter Servers
- play_arrow Licenses
-
- play_arrow Reports
- play_arrow Administration
- play_arrow My Profile
- play_arrow Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- play_arrow Users and Roles-Roles
- play_arrow Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Edit and Delete Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- play_arrow Users and Roles-Remote Profiles
- play_arrow Logging Management
- play_arrow Logging Management-Logging Nodes
- play_arrow Logging Management-Statistics & Troubleshooting
- play_arrow Logging Management-Logging Devices
- play_arrow Monitor Settings
- play_arrow Signature Database
- play_arrow License Management
- play_arrow Migrating Content from NSM to Security Director
- play_arrow Policy Sync Settings
- play_arrow Insights Management
- Add Insights Nodes
- About the Alerts Settings Page
- Create a New Alert Setting
- Configure System Settings
- About the Identity Settings Page
- Add JIMS Configuration
- Edit and Delete an Identity Setting
- Configure Mitigation Settings
- About the Threat Intelligence Page
- Configure Threat Intelligence Source
- Edit and Delete Threat Intelligence Source
- About the ServiceNow Configuration Page
- About the Backup & Restore Page
- Create a Backup File and Restore the Configuration
- Download and Delete a Backup File
-
Creating Identity Management Profiles
Use the Create Identity Management Profile page to create a JIMS profile and to obtain user identities.
To create an identity management profile:
Field | Description |
|---|---|
General Information | |
Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters. |
Description | Enter a description for the identity management profile; maximum length is 255 characters. |
General Information—Connection for Primary and Secondary Identity | |
Connection Type | Select the application protocol from the list used for the SRX Series device connection to Juniper Identity Management System (JIMS). You identify the connection protocol along with the configuration that identifies JIMS . The user query function allows the SRX Series device to request user authentication and identity information for an individual user from JIMS.
If the connection type option is not configured, HTTPS is used by default. |
Port | Select the connection port of the JIMS server, from the list. Default port number is 443. The range is 1 to 65535. |
Primary IP Address | Enter a valid IPv4 address of the primary JIMS server. SRX Series devices always query the primary JIMS to obtain the user identities. |
Primary CA Certificate | Enter the certificate of the primary JIMS server. The
SRX Series device uses this certificate to verify the certificate
of the JIMS server for the SSL connection that is used for the user
query function. For example: When SRX Series device does not receive the information from JIMS through the Web API POST requests, user query enables the SRX Series device to query JIMS for authentication and identity information for an individual user. |
Secondary Identity | Enable this option to use the secondary JIMS server as a fallback when the primary JIMS server fails. By default, this option is disabled. |
Secondary IP Address | Enter a valid IPv4 address of the secondary JIMS server. The secondary JIMS is available as a fall back option with limited resources. Use the secondary JIMS when the HTTP GET query or number of queries to the primary JIMS fails. |
Secondary CA Certificate | Enter the certificate of the secondary JIMS server. The SRX Series device uses this certificate to verify the JIMS server certificate for the SSL connection, used for the user query function. |
Token API | Enter the token API used to generate the URL to acquire an access token. The token API is combined with the connection method and the IP address of JIMS to produce the complete URL used to acquire an access token. For example, if the token API is oauth, the connection method is HTTPS, and the IP address of JIMS is 192.0.2.199, the complete URL to acquire an access token would be https://192.0.2.199/api/oauth. This is a required parameter. The default token API is oauth_token/oauth. |
Query API | Enter the query API to specify the path of the URL that the SRX Series device uses to query JIMS for an individual user. For the SRX Series device to be able to make a request, you must have configured the query API to obtain an access token. The SRX Series device generates the complete URL for the user query request by combining the query API string with the connection method (HTTP/HTTPS) and the JIMS IP address. |
Advanced Settings—Batch Query | |
Items per Batch | Enable this option to specify the maximum number of reports to include in the JIMS response. The minimum number of reports is 100. |
Query Interval | Enable this option to configure the time interval, in seconds, for SRX Series devices to periodically query JIMS for the newly generated user identities. |
Advanced Settings—IP Query | |
Query Delay Time | Enter the time in seconds for the SRX Series device to delay before sending the individual IP queries to JIMS for authentication and identity information for individual users. After the delay timeout expires, the SRX Series device sends the query to JIMS and creates a pending entry for the user in the Routing Engine authentication table. Range: 0 through 60 seconds |
No IP Query | Enable this option to disable the IP address query function that is enabled by default. |
Advanced Settings—Authentication Timeout | |
Authentication Entry Timeout | Enter the timeout interval after which, the idle entries in the JIMS authentication table expire. If a value of 0 is specified, the entries will never expire. Default is 60 minutes. The timeout interval begins when the user authentication entry is added to the JIMS authentication table. |
Assign Devices—Add Assign Devices | |
Device Name | Select the SRX Series device from the list for JIMS to send the report on user identities. |
Client ID | Enter the client ID that the SRX Series device requires to obtain an access token for the JIMS user query function. The client ID must be consistent with the API client configured on JIMS. |
Client Secret | Enter the client secret used with the client ID that the SRX Series device requires to obtain an access token. The client secret must be consistent with the API client configured on JIMS. |
