Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
See matching posts in thread - SSG5 TROUBLE ACCESSING SERVERS ON VLAN IN DMZ ...
See matching posts in thread - Hi, If i have allowed traffic for some custom tc...
See matching posts in thread - How to create a route to a sub interface in the ...
Below is the sample CLI config generated by SD when user field(source-identity) is configured in security policies: set security policies from-zone trust to-zone untrust policy p1 match source-address any set security policies from-zone trust to-zone untrust policy p1 match destination-address any set security policies from-zone trust to-zone untrust policy p1 match application any set security policies from-zone trust to-zone untrust policy p1 match source-identity unauthenticated-user set security policies from-zone trust to-zone untrust policy p1 then permit firewall-authentication user-firewall access-profile profile1 set security policies from-zone trust to-zone untrust policy p2 match source-address any set security policies from-zone trust to-zone untrust policy p2 match destination-address any set security policies from-zone trust to-zone untrust policy p2 match application any set security policies from-zone trust to-zone untrust policy p2 match source-identity “nm.sdtest\rjnsandeep” set security policies from-zone trust to-zone untrust policy p2 then permit As mentioned earlier this feature provides visibility into who is accessing resources within an organization
This is done by an application service called ssl-proxy: set security policies from-zone trust to-zone untrust policy allow-https match source-address any set security policies from-zone trust to-zone untrust policy allow-https match destination-address any set security policies from-zone trust to-zone untrust policy allow-https match application junos-https set security policies from-zone trust to-zone untrust policy allow-https then permit application-services ssl-proxy profile-name trusted-ca-group-profile resulting in: policy allow-https ( match ( source-address any; destination-address any; application junos-https; ) then ( permit ( application-services ( ssl-proxy ( profile-name trusted-ca-group-profile; ) ) ) ) ) As a final step we need the client (browser) to use
4 Comments - no search term matches found in comments.
Only the Coordinated Universal Time (UTC) time-zone is supported. If a different time-zone is configured the commit will fail with an error
See matching posts in thread - xxxx@Juniper1> show configuration | display set ...
See matching posts in thread - It looks like you may have both the zone...
See matching posts in thread - When a packet arrives, the ingress interface bel...
See matching posts in thread - Hello, I would use two reth interfaces per ...