Configuring If-Map Federation Settings; Configuring If-Map Servers (Nsm Procedure); Configuring If-Map Client Settings On The Secure Access Device (Nsm - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual

CHAPTER 20

Configuring IF-MAP Federation Settings

Configuring IF-MAP Servers (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
This chapter describes the interoperation between heterogeneous network appliances
in a federated network. In a federated network, users providing valid credentials can
access resources protected by any number of Juniper Networks security devices without
re-authenticating through a different device. Juniper Networks IDP Series Intrusion
Detection and Prevention Appliance can be incorporated into a federated network to
protect against attacks within the network.
This chapter includes the following topics:
Configuring IF-MAP Servers (NSM Procedure) on page 283
Configuring IF-MAP Client Settings on the Secure Access Device (NSM
Procedure) on page 284
Configuring IF-MAP Session Export Policy on the Secure Access Device (NSM
Procedure) on page 285
Configuring IF-MAP Session Import Policy on the Secure Access Device (NSM
Procedure) on page 288
Configuring IF-MAP Server Replicas (NSM Procedure) on page 290
You must add all IF-MAP clients to the Secure Access IF-MAP server to permit the server
to communicate with its clients. To add clients, you must specify the IP address and the
security mechanism and credentials for each client.
An IF-MAP server certificate must also be installed on the IF-MAP server. The client
verifies the server certificate when it connects to the server. The server certificate must
be signed by a certificate authority (CA), the client must be configured to trust certificates
signed by that CA, and the hostname in the server certificate must match the hostname
in the IF-MAP URL on the client.
283