Juniper Identity Management Service Datasheet


Product Overview

User identity is a core requirement of next-generation firewalls, enabling administrators to create security policies that address business rather than networking needs. This provides a powerful mechanism for defining, managing, and refining security policies, with firewall rules defined by user identity rather than by IP address.

 

Product Description

Juniper® Identity Management Service (JIMS) is a Windows-based application that links IP addresses to specific user identities, providing visibility into and control over network activity per user. JIMS integrates directly with Active Directory servers to verify user-to-IP address relationships and determine specific role and group assignments. This enables SRX Series Services Gateways to manage security policy decisions that directly associate application activity with user roles. Based on this information, the SRX Series firewall either permits or denies users access to applications and data based on detailed security policies.

Juniper Identity Management Service has a highly scalable user identity management system, supporting 20 domain controllers, which can scale up to 150 and support more than 256,000 users. Juniper Identity Management Service also tracks and prevents unauthorized users from accessing corporate resources before a data breach occurs.

On Juniper Networks® SRX Series Services Gateways, this capability is called a “user firewall.” The SRX Series device will associate network traffic with specific user identities defined by Active Directory. The SRX Series firewall typically performs a local lookup of the user-id associated with a specific IP address.

The Juniper® Identity Management Service for Windows maintains a large database of active users and their associated IP addresses, enabling an SRX Series firewall to identify thousands of users in a large distributed enterprise rapidly. The SRX Series device queries the JIMS server, obtains the proper user-id relationship, and enforces the appropriate security policy. Once applications, users, and groups are identified, JIMS provides full visibility and control over the security infrastructure.

 

Figure 1: JIMS resides on a Windows server, communicating with Active Directory servers and SRX Series Services Gateways.


Features and Benefits

The Juniper Identity Management Service has the following features:

User Identification

JIMS connects to an Active Directory server to provide IP address-to-user name mappings and to collect user and device status for SRX Series firewalls. JIMS collects domain and user names; for device login events, it collects domain and machine names.

 

PC Probing

JIMS initiates PC probes on devices to obtain the user name and domain of active users and to determine the device’s status after its logged-in state has expired.

 

SRX Series Query Support

JIMS responds to individual HTTPS GET queries for IP addresses from SRX Series devices with the corresponding user names.

 

IP Address and User Group Filtering

JIMS provides the ability to include or exclude specified IP address ranges or Active Directory groups in the authentication tables of the SRX Series devices.

 

Remote Syslog to Collect User Data

JIMS collects syslog data from other sources containing user name, device name, domain, groups, and/or IP address mappings and turns it into cache and policy enforcement entries on SRX Series firewalls.

 

Status Monitoring and System Logging

JIMS provides detailed information on Active Directory and SRX Series firewall connectivity state, sessions, records captured, and PC Probe counts. JIMS produces system logs to record various events and activities for troubleshooting purposes.

 

Specifications

   
Windows server requirements:
    Windows Server 2019
    Windows Server 2016
    Windows Server 2012 R2 with Windows Server 2012 R2 Updates (KB2919355 and KB2999226)
    Windows Server 2008 R2 with Service Pack 1 (SP1) and Update for Windows Server 2008 R2 x64 Edition (KB3140245)
    4-Core CPU, 16 GB, 100 HDD

Identity source:
    Active Directory: 2008 R2 and later
    Exchange: 2010 SP3
    Remote syslog

Platforms supported:
    vSRX, SRX300 line, SRX1500, SRX4100, SRX4200, SRX5000 line (15.1 release)
    SRX650, SRX240H2, SRX3000 line, and SRX5000 line (12.3 release)

Current active Junos releases:
    15.1X49 D100 and above
    12.3X48 D45 and above

Maximum SRX Series device support: Up to 1200
Maximum active directories: 100
Maximum syslog sources: 200
Maximum domains: 25
Maximum user entries: 500000

 

Ordering Information

Juniper Identity Management Service is provided free of charge to customers with an active Juniper service contract. The software can be downloaded from https://support.juniper.net/support/downloads/?p=jims&sw

 

About Juniper Networks

Juniper Networks brings simplicity to networking with products, solutions and services that connect the world. Through engineering innovation, we remove the constraints and complexities of networking in the cloud era to solve the toughest challenges our customers and partners face daily. At Juniper Networks, we believe that the network is a resource for sharing knowledge and human advancement that changes the world. We are committed to imagining groundbreaking ways to deliver automated, scalable and secure networks to move at the speed of business.

 

1000618 - 007 - EN JULY 2023