Hi,
I have an urgent query. I was using UAC 5.0 on MAG and an SRX 1400 in chassis cluster with Junos 10.4 as the L3 enforcer.
The solution was deployed successfully and everything was working fine until recently, when I upgraded my SRX 1400 Junos software from version 10.4 to 12.1. After the Junos software upgrade, all the UAC policies configured on the SRX 1400 are not working. The device is connected to UAC properly and users are shown in the auth table of the SRX device...
Any help?
Regards
Yes, I upgraded the Junos software to 12.1x44d40. I removed all the unified-access-control configuration on the SRX, committed, and then reconfigured the UAC settings, but still no luck.
Here is the UAC configuration on the SRX:
-------------------------------------------------------------------------------------------------------------------------------------------------------
set services unified-access-control infranet-controller MAG-UAC address 10.50.50.100
set services unified-access-control infranet-controller MAG-UAC interface reth1.50
set services unified-access-control infranet-controller MAG-UAC password [email protected]
set security policies from-zone Wifi to-zone Internet policy test-uac match source-address Arslan-1.12
set security policies from-zone Wifi to-zone Internet policy test-uac match destination-address any
set security policies from-zone Wifi to-zone Internet policy test-uac match application any
set security policies from-zone Wifi to-zone Internet policy test-uac then permit application-services uac-policy
set security policies from-zone Wifi to-zone Internet policy test-uac then log session-init
--------------------------------------------------------------------------------------------------------------------------------------------------------
Following is the output of a few show commands.
> show services unified-access-control status
node0:
--------------------------------------------------------------------------
Host         Address         Port    Interface    State
MAG-UAC      10.50.50.100    11123   reth1.50     connected
> show services unified-access-control roles
node0:
--------------------------------------------------------------------------
Name               Identifier
Trust-User         0000000001.000005.0
Remediate-User     1396270434.123514.0
Trust-Agentless    1395391788.690864.0
GUAM               1395991600.414804.0
Guest-Users        1395992372.36996.0
Corporate-Wifi     1395994939.110403.0
> show services unified-access-control policies
node0:
--------------------------------------------------------------------------
Id   Resource            Action   Apply      Role identifier
1    10.100.111.111:*    allow    selected   1396270434.123514.0
2    *:*                 allow    selected   0000000001.000005.0
> show services unified-access-control counters
node0:
--------------------------------------------------------------------------
(Counter command showing nothing...............)
Should I use the source-identity in the security policy?
Since we use a captive portal in the SRX UAC policy, if I don't use application-services in the security policies, then how can I redirect the users towards UAC (captive portal)?
Second, I can't understand the behavior of the security policy. If I use source-identity with unauthenticated user and uac-policy with application-services, the policy is bypassed (not matched, even though the user is still unauthenticated), and if I do not use source-identity with application-services uac-policy, the policy is matched but the policy does not allow the user traffic...