Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Juniper Security Director® is the next generation on-premises security management product for SRX Series Firewalls and vSRX. For more details, visit Juniper Security Director documentation page or contact your sales team.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Junos Space Security Director Junos Space Security Director User Guide Configure User Firewall Management-Active Directory

Junos Space Security Director User Guide

keyboard_arrow_up
close
keyboard_arrow_left
Junos Space Security Director User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

Creating Active Directory Profiles

date_range 08-Jul-23
arrow_backward
arrow_forward

Use the Create Active Directory Profile page to configure the IP address-to-user mapping information and the user-to-group mapping information to access the LDAP server.

To create an Active Directory profile:

  1. Select Configure > User Firewall Management > Active Directory.

    The Active Directory Profile page appears.

  2. Click the + icon.
  3. Complete the configuration by using the guidelines in Table 1.
  4. Click Finish.

    A Summary page providing a preview of the complete configuration appears.

  5. Click OK to complete the configuration or Back to make any modifications.
Table 1: Fields on the Create Active Directory Profile Page

Field

Description

General Information

Name

Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters.

Description

Enter a description for the Active Directory profile; maximum length is 255 characters.

On Demand Probe

Enable the manual on-demand probing of a domain PC as an alternate method for the SRX Series device to retrieve address-to-user mapping information.

By default, the manual on-demand probing is not enabled.

Timeout

Authentication Entry Timeout

Set the timeout to 0 to avoid having the user's entry being removed from the authentication table after the timeout.

Note that when a user is no longer active, a timer is started for that user’s entry in the Active Directory authentication table. When the time is up, the user’s entry is removed from the table. Entries in the table remain active as long as there are sessions associated with the entry.

The default authentication entry timeout is thirty minutes. To disable timeout, set the interval to zero. The range is 10 through 1440 minutes.

WMI Timeout

Configure the number of seconds that the domain PC has to respond to the SRX Series device’s query through Windows Management Instrumentation (WMI) or Distributed Component Object Module (DCOM).

If no response is received from the domain PC within the wmi-timeoutinterval, the probe fails and the system either creates an invalid authentication entry or updates the existing authentication entry as invalid. If an authentication table entry already exists for the probed IP address, and no response is received from the domain PC within the wmi-timeout interval, the probe fails and that entry is deleted from the table.

The range is 3 through 120 seconds.

Filter

Filter

Set the range of IP addresses that must be monitored or not monitored.

  • Include—Specify to include IP addresses from the Available column.

  • Exclude—Specify to exclude IP addresses from the Available column.

Click Add New Address to create a new IP address and add it as either include or exclude from monitoring.

Add Domain Settings

Domain Name

Enter the name of the domain; the length of the name ranges from 1 through 64 characters. The SRX Series device can have the integrated user firewall configured in a maximum of two domains.

Example: example.net

Description

Enter a description for the LDAP server domain; maximum length is 255 characters.

Username

Enter the Active Directory account name. The range is 1 through 64 characters.

Example: administrator

Password

Enter the password of the Active Directory account. The range is 1 through 128 characters.

Example: $ABC123

Domain Controller(s)

Click the plus(+) sign to create new domain controllers.

  • Domain Controller Name— Name can range from 1 through 64 characters. A maximum of 10 domain controllers can be configured.

  • IP Address—IP address of the domain controller.

User Group Mapping(LDAP)

IP Address

Specify the IP address of the LDAP server. If no address is specified, the system uses one of the configured Active Directory domain controllers.

Example: 192.0.2.15

Port

Specify the port number of the LDAP server. If no port number is specified, the system uses port 389 for plaintext or port 636 for encrypted text.

Base DN

Enter the LDAP base distinguished name (DN).

Example: DC=example,DC=net

Username

Enter the username of the LDAP account. If no username is specified, the system will use the configured domain controller’s username.

Example: administrator

Password

Enter the password for the account. If no password is specified, the system uses the configured domain controller’s password.

Example: xxxxx

Use SSL

Enable Secure Sockets Layer (SSL) to ensure secure transmission with the LDAP server. Disabled by default, then the password is sent in plaintext.

Authentication Algorithm

Specify the algorithm used while the SRX Series device communicates with the LDAP server. By default simple is selected to configure simple(plaintext) authentication mode.

IP-User Mapping

Discovery Method

Enable the method of discovering IP address-to-user mappings.

  • WMI—Windows Management Instrumentation (WMI) is the discovery method used to access the domain controller.

Event Log Scanning Interval

Enter the scanning interval at which the SRX Series device scans the event log on the domain controller. The range is 5 through 60 seconds.

Initial Event Log TimeSpan

Enter the time of the earliest event log on the domain controller that the SRX Series device will initially scan. This scan applies to the initial deployment only. After WMIC and the user identification start working, the SRX Series device scans only the latest event log.

The range is 1 through 168 hours.

Assign Device

Device

Select these devices from the Available column and move them to the Selected column.

You can also search for the devices in the search field in both the Available and Selected columns. You can search these devices by entering the device name, device IP address, or device tag.

Related Documentation

arrow_backward PREVIOUS About the Active Directory Profile Page
NEXT arrow_forward Deploying the Active Directory Profile to SRX Series Devices
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top