
Split the flow between realm

Imported
Contributor


Hi,


I don't know the Juniper but I will soon have a cluster of 4500 and I have some questions about

There are 3 access methods (core, application layer and network layer).

The Juniper will have the WAN and LAN interface in a separate DMZ (controlled by a firewall).

I will use one realm by country or some services now I would like


Can you confirm, if possible, that I am not making too many mistakes?


It's not possible to use a realm with a termination in a separate VLAN on the LAN interface.

It's not possible for core access and application layer access to use a different IP address; all realms use the LAN IP address.

For the network layer access I can use a different IP or a pool by realm



Can I use a policy-based routing function (based on source or destination or port) to redirect some flows to another gateway?


How can I split or separate the flow with the core or application access?

Thanks for your reply

zanyterp_
Respected Contributor

Re: Split the flow between realm




@eric.loiseau@nextiraone.eu wrote:

Ok for roles, but is it possible to define that a user belongs to a role, and assign it (user or role) to a particular VLAN and Regards






Yes, this can be done. You will need to create a VLAN on the system.

On the role, you will need to enable the option to use custom source IP and VLAN information at the following locations:

1) Users>User Roles>roleName>General>Options

2) Users>User Roles>roleName>General>Source IP/VLAN

srigelsford_
Contributor

Re: Split the flow between realm

Hi,

Don't get confused between realms and roles: roles contain the settings for users, and can be assigned to different VLANs. A user can be part of more than one role too, though. Realms are purely mapping authentication servers to roles.

SAs only support static destination routing, but each vlan has its own routing table.

Sam.

Imported
Contributor

Re: Split the flow between realm

Hi,




I know other SSL VPN solutions; SA is my first step with Juniper.

Ok for roles, but is it possible to define that a user belongs to a role, and assign it (user or role) to a particular VLAN and network?

One question that I have is how to control that a user from a country will have a dedicated IP address/network, and whether it's possible to filter it on the firewall, but that's another topic.

I will have 10 countries and 5 services, and for each I would like to delegate the management and use a different IP. As I read it, we can only define an IP or pool for the network layer access.





Regards