Yes I upgrade junos software to 12.1x44d40. I remove all the unified-access-control configuration on SRX then commit and then reconfigure the uac settings, but still no luck. here is uac configuration on srx ------------------------------------------------------------------------------------------------------------------------------------------------------- set services unified-access-control infranet-controller MAG-UAC address 10.50.50.100 set services unified-access-control infranet-controller MAG-UAC interface reth1.50 set services unified-access-control infranet-controller MAG-UAC password
[email protected] set security policies from-zone Wifi to-zone Internet policy test-uac match source-address Arslan-1.12 set security policies from-zone Wifi to-zone Internet policy test-uac match destination-address any set security policies from-zone Wifi to-zone Internet policy test-uac match application any set security policies from-zone Wifi to-zone Internet policy test-uac then permit application-services uac-policy set security policies from-zone Wifi to-zone Internet policy test-uac then log session-init -------------------------------------------------------------------------------------------------------------------------------------------------------- Following is the output of few show commands. > show services unified-access-control status node0: -------------------------------------------------------------------------- Host Address Port Interface State MAG-UAC 10.50.50.100 11123 reth1.50 connected > show services unified-access-control roles node0: -------------------------------------------------------------------------- Name Identifier Trust-User 0000000001.000005.0 Remediate-User 1396270434.123514.0 Trust-Agentless 1395391788.690864.0 GUAM 1395991600.414804.0 Guest-Users 1395992372.36996.0 Corporate-Wifi 1395994939.110403.0 > show services unified-access-control policies node0: -------------------------------------------------------------------------- Id Resource Action Apply Role identifier 1 10.100.111.111:* allow selected 1396270434.123514.0 2 *:* allow selected 0000000001.000005.0 > show services unified-access-control counters node0: -------------------------------------------------------------------------- (Counter command showing nothing...............) Should i use the source-identity in security policy?
... View more