AJSEC Lab8 Integrated User Firewall
Jean-luc KRIKER
Last updated: Mar 14, 2019
Part 2: verify the Active Directory integration from the vSRX CLI

```
show services user-identification active-directory-access domain-controller status
show services user-identification authentication-table authentication-source all
show services user-identification device-information table all
show services user-identification active-directory-access statistics ip-user-mapping
```

Resulting configuration on the vSRX:

```
lab@vSRX-1> show configuration services user-identification | display set
set services user-identification active-directory-access domain juniper.net user administrator
set services user-identification active-directory-access domain juniper.net user password "$9$tIX5pBEcSeMWxEhVwg4ZGUDiHm5Qz6CA0"
set services user-identification active-directory-access domain juniper.net domain-controller DC1 address 172.16.1.253
set services user-identification active-directory-access domain juniper.net ip-user-mapping discovery-method wmi event-log-scanning-interval 10
set services user-identification active-directory-access domain juniper.net ip-user-mapping discovery-method wmi initial-event-log-timespan 1
set services user-identification active-directory-access domain juniper.net user-group-mapping ldap authentication-algorithm simple
set services user-identification active-directory-access domain juniper.net user-group-mapping ldap base DC=juniper,DC=net
set services user-identification active-directory-access authentication-entry-timeout 30
set services user-identification active-directory-access wmi-timeout 10
```

Part 3: SD: Configure / Firewall Policy / Policies workspace.

>> Create a FW Policy / security policy
>> Add Rule to policy

```
lab@vSRX-1> show configuration security policies | display set
set security policies from-zone Trust to-zone Server policy UserFW match source-address any
set security policies from-zone Trust to-zone Server policy UserFW match destination-address any
set security policies from-zone Trust to-zone Server policy UserFW match application any
set security policies from-zone Trust to-zone Server policy UserFW match source-identity authenticated-user
set security policies from-zone Trust to-zone Server policy UserFW then permit
```

!!! Hidden commands (clear and display the AD authentication table):

```
clear services user-identification active-directory-access active-directory-authentication-table
show services user-identification active-directory-access active-directory-authentication-table all
```

Test user: jim / lab123@Lab

Part 4: SD: Configure / User Firewall Management / Access Profile workspace.

>> Create an Access profile

```
set access profile AD-Profile authentication-order ldap
set access profile AD-Profile authentication-order password
set access profile AD-Profile ldap-options base-distinguished-name CN=Users,DC=juniper,DC=net
set access profile AD-Profile ldap-options search search-filter sAMAccountName=
set access profile AD-Profile ldap-options search admin-search distinguished-name CN=administrator,CN=Users,DC=juniper,DC=net
set access profile AD-Profile ldap-options search admin-search password lab123@Lab
set access profile AD-Profile ldap-server 172.15.1.253 port 389
```

Same but from the vSRX:

```
lab@vSRX-1> show configuration access | display set
set access profile AD-Profile authentication-order ldap
set access profile AD-Profile authentication-order password
set access profile AD-Profile ldap-options base-distinguished-name CN=Users,DC=juniper,DC=net
set access profile AD-Profile ldap-options search search-filter sAMAccountName=
set access profile AD-Profile ldap-options search admin-search distinguished-name CN=administrator,CN=Users,DC=juniper,DC=net
set access profile AD-Profile ldap-options search admin-search password "$9$Ef0hrvW87dVYvMaZji.mPfTQn9AtOIRS"
set access profile AD-Profile ldap-server 172.15.1.253 port 389
```

Part 5: SD: Configure / Firewall Policy / Policies workspace.

>> Add a rule to the policy

Pushed by the Security Director:

```
set security policies from-zone Trust to-zone Server policy userFW-unauth match application any
set security policies from-zone Trust to-zone Server policy userFW-unauth match destination-address any
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-address any
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-identity unauthenticated-user
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-identity unknown-user
set security policies from-zone Trust to-zone Server policy userFW-unauth then permit firewall-authentication user-firewall access-profile AD-Profile
set security policies from-zone Trust to-zone Server policy userFW-unauth then permit firewall-authentication user-firewall domain juniper.net
```

Resulting policies on the vSRX:

```
lab@vSRX-1> show configuration security policies | display set
set security policies from-zone Trust to-zone Server policy UserFW match source-address any
set security policies from-zone Trust to-zone Server policy UserFW match destination-address any
set security policies from-zone Trust to-zone Server policy UserFW match application any
set security policies from-zone Trust to-zone Server policy UserFW match source-identity authenticated-user
set security policies from-zone Trust to-zone Server policy UserFW then permit
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-address any
set security policies from-zone Trust to-zone Server policy userFW-unauth match destination-address any
set security policies from-zone Trust to-zone Server policy userFW-unauth match application any
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-identity unauthenticated-user
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-identity unknown-user
set security policies from-zone Trust to-zone Server policy userFW-unauth then permit firewall-authentication user-firewall access-profile AD-Profile
set security policies from-zone Trust to-zone Server policy userFW-unauth then permit firewall-authentication user-firewall domain juniper.net
```

Test users: lab / lab123, jum / lab123 (domain: juniper)
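The two-rule pattern in Parts 3 and 5 (an authenticated-user rule first, then a fallback for unauthenticated-user / unknown-user that permits with firewall-authentication) is what makes the captive portal work. The Python below is an added example, not from the lab page or from Juniper: it parses the page's `display set` lines, shows which rule a source hits for each identity state, and checks that every identity-aware rule has such a fallback in the same zone pair. The function names and the simplified identity-state model (address and application matches treated as `any`) are assumptions.

```python
import re
# Constructed sample: the two rules from the lab's 'show configuration security policies | display set' output.
SET_LINES = """
set security policies from-zone Trust to-zone Server policy UserFW match source-identity authenticated-user
set security policies from-zone Trust to-zone Server policy UserFW then permit
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-identity unauthenticated-user
set security policies from-zone Trust to-zone Server policy userFW-unauth match source-identity unknown-user
set security policies from-zone Trust to-zone Server policy userFW-unauth then permit firewall-authentication user-firewall access-profile AD-Profile
set security policies from-zone Trust to-zone Server policy userFW-unauth then permit firewall-authentication user-firewall domain juniper.net
"""
POLICY_RE = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) "
                       r"policy (\S+) (match|then) (.+)$", re.M)

def parse_policies(text):
    """policy name -> zones, source-identity values and 'then' clauses.
    Insertion order is kept: 'display set' order is the SRX evaluation order."""
    policies = {}
    for fz, tz, name, kind, rest in (m.groups() for m in POLICY_RE.finditer(text)):
        p = policies.setdefault(name, {"zones": (fz, tz), "identities": set(), "then": []})
        words = rest.split()
        if kind == "match" and words[0] == "source-identity":
            p["identities"].add(words[1])
        elif kind == "then":
            p["then"].append(rest)
    return policies

def needs_auth(p):
    """True if the rule's action redirects the client to firewall authentication."""
    return any("firewall-authentication" in t for t in p["then"])

def lookup(policies, identity_state):
    """First rule hit for a source IP whose state is 'authenticated-user',
    'unauthenticated-user' or 'unknown-user' (address/application assumed 'any').
    Returns (policy name, effective action)."""
    for name, p in policies.items():
        if p["identities"] and identity_state not in p["identities"]:
            continue
        if needs_auth(p):
            return name, "captive-portal-auth"  # client is pushed to authenticate first
        return name, p["then"][0] if p["then"] else "deny"
    return None, "default-deny"

def audit(policies):
    """Identity-aware rules lacking a fallback in the same zone pair that catches
    unauthenticated-user and triggers firewall-authentication."""
    return [name for name, p in policies.items()
            if "authenticated-user" in p["identities"]
            and not any(q["zones"] == p["zones"] and needs_auth(q)
                        and "unauthenticated-user" in q["identities"]
                        for q in policies.values())]
```

Run `audit(parse_policies(text))` against a real `display set` dump; a non-empty result means a user-aware rule exists whose unauthenticated sources are never offered the captive portal and will fall through to whatever rule follows.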