SRX

i have read about user role policy ???

but i dont know why i would use it or when to use it ??

have any one working as a security engineer knows when or why i would use it ? 

Hi,

 

You can refer below tech pubs:

 

Understanding User Role Firewalls

 

Example: Configuring a User Role Firewall on an SRX Series Device

 

[KUDOS PLEASE! If you think I earned it!

If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]

i read the article but still dont know why i would need it  from security environment point of view

Instead of relying on just the IP addresses to decide whether to permit or deny, with this userFW ,we will get another criteria to decide upon and that is username or his group membership info, which can be fetched from AD/UAC etc.. In evironments where the IP assigned to a user could change but his username/AD group membership remains constant , so on SRX we can enforce a rule based on this .

For more on the use case, https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/nce-165-use-case.html

Hi Folks,
Please find some pointers on the same!

 

https://forums.juniper.net/jnet/attachments/jnet/NetSecurity/213/1/Userfw%20configuration%20guide.pdf
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-user-role-firewall-understanding.html
https://www.juniper.net/documentation/en_US/junos12.1x46/topics/example/security-user-role-firewall-configuring.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-user-role-policy-lookup-understanding.html
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-user-role-policy-with-firewall-authentication-configuring.html

 

-rengar