} }
Hierarchy Level [edit services]
Release Information Statement introduced in Junos OS Release 12.1X44-D10.
Description Specify the configuration for Secure Socket Layer (SSL) support service.
Options The remaining statements are explained separately.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Related Documentation
• Junos OS Security Configuration Guide
ssl-termination-profile
Syntax ssl-termination-profile profile-name;
Hierarchy Level [edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication pass-through]
Release Information Statement introduced in Junos OS Release 12.1X44-D10.
Description Specify the SSL termination profile used for SSL offloading.
Options profile-name—Specify the name of the SSL termination profile used for the SSL offload.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
success
Syntax success string;
Hierarchy Level [edit access firewall-authentication pass-through default-profile name (ftp | http | telnet) banner],
[edit access firewall-authentication web-authentication]
Release Information Statement introduced in Release 8.5 of Junos OS.
Description Specify the banner (message) that users see when trying to connect using FTP, HTTP, or Telnet after successful authentication.
Options string—Banner text. Maximum length of the message text is 250 characters. Enclose the banner text within spaces or special characters—for example, quotation marks (" ").
Required Privilege Level
access—To view this statement in the configuration.
access-control—To add this statement to the configuration.
telnet (Access)
Syntax telnet {
banner {
fail string;
login string;
success string;
}
}
Hierarchy Level [edit access firewall-authentication pass-through]
Release Information Statement introduced in Release 8.5 of Junos OS.
Description Configure banners for Telnet login prompt, successful authentication, and failed authentication.
Options The remaining statements are explained separately.
Required Privilege Level
access—To view this statement in the configuration.
access-control—To add this statement to the configuration.
timeout (Access LDAP)
Syntax timeout seconds;
Hierarchy Level [edit access ldap-server server-address]
[edit access profile profile-name ldap-server server-address]
Release Information Statement introduced in Release 8.5 of Junos OS.
Description Configure the amount of time that the local device waits to receive a response from an LDAP server.
Options seconds—Amount of time to wait.
Range: 1 through 90 seconds
Default: 3 seconds
Required Privilege Level
access—To view this statement in the configuration.
access-control—To add this statement to the configuration.
timeout (Access RADIUS)
Syntax timeout seconds;
Hierarchy Level [edit access radius-server server-address]
[edit access profile profile-name radius-server server-address]
Release Information Statement modified in Release 8.5 of Junos OS.
Description Configure the amount of time that the local device waits to receive a response from a RADIUS server.
Options seconds—Amount of time to wait.
Range: 1 through 90 seconds
Default: 3 seconds
Required Privilege Level
secret—To view this statement in the configuration.
secret-control—To add this statement to the configuration.
traceoptions (Access)
Hierarchy Level [edit access firewall-authentication]
Release Information Statement introduced in Release 8.5 of Junos OS.
Description Define Routing Engine firewall authentication tracing options.
Options • file filename—Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory /var/log.
• files number—(Optional) Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.
If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.
Range: 2 through 1000 files
Default: 10 files
• match regular-expression—(Optional) Refine the output to include lines that contain the regular expression.
• size maximum-file-size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file.0. When the trace-file again reaches its maximum size, trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.
If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.
Syntax: x k to specify KB, x m to specify MB, or x g to specify GB
Range: 10 KB through 1 GB
Default: 128 KB
• world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.
• flag flag—Tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags.
• all—All tracing operations
• authentication—Trace authentication events
• configuration—Trace configuration events
• setup—Trace setup of firewall authentication service
Required Privilege Level
trace—To view this statement in the configuration.
trace-control—To add this statement to the configuration.
traceoptions (Security Firewall Authentication)
Syntax traceoptions {
flag {
all <detail | extensive | terse>;
authentication <detail | extensive | terse>;
proxy <detail | extensive | terse>;
}
}
Hierarchy Level [edit security firewall-authentication]
Release Information Statement introduced in Release 8.5 of Junos OS.
Description Define data-plane firewall authentication tracing options.
Options • flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.
• all—Enable all tracing operations
• authentication—Trace data-plane firewall authentication events
• proxy—Trace data-plane firewall authentication proxy events
• detail—Display moderate amount of data in trace.
• extensive—Display extensive amount of data in trace.
• terse—Display minimum amount of data in trace.
Required Privilege Level
trace—To view this statement in the configuration.
trace-control—To add this statement to the configuration.
traceoptions (Services)
Syntax traceoptions {
file file-name; {
files;
match;
no-world-readable size;
world-readable;
}
flag {
all;
cli-configuration;
initiation;
proxy;
selected-profile;
termination
}
level;
no-remote-trace;
}
Hierarchy Level [edit services ssl]
Release Information Statement introduced in Junos OS Release 12.1X44-D10.
Description Specify the trace file information.
Options • file-name—Specify the name of file in which to write trace information.
• files—Specify the maximum number of trace files. Range: 2 to 1000.
• match—Specify the regular expression for lines to be logged.
• no-world-readable size—Do not allow any user to read the log file.
• size—Specify the maximum trace file size. Range: 10,240 to 1,073,741,824.
• world-readable—Allow any user to read the log file.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Related Documentation
• Junos OS Security Configuration Guide
termination (Services)
Syntax termination {
profile profile-name {
custom-ciphers [
rsa-with-rc4-128-md5 RSA | 128 bit rc4 | md5 hash
rsa-with-rc4-128-sha RSA | 128 bit rc4 | sha hash
rsa-with-des-cbc-sha RSA | des cbc | sha hash
rsa-with-3des-ede-cbc-sha RSA | 3des ede/cbc | sha hash
rsa-with-aes-128-cbc-sha RSA | 128 bit aes/cbc | sha hash
rsa-with-aes-256-cbc-sha RSA | 256 bit aes/cbc | sha hash
rsa-export-with-rc4-40-md5 RSA-export | 40 bit rc4 | md5 hash
rsa-export-with-des40-cbc-sha RSA-export | 40 bit des/cbc | sha hash
rsa-export1024-with-des-cbc-sha RSA 1024 bit export | des/cbc | sha hash
rsa-export1024-with-rc4-56-md5 RSA 1024 bit export | 56 bit rc4 | md5 hash
rsa-export1024-with-rc4-56-sha RSA 1024 bit export | 56 bit rc4 | sha hash
rsa-with-null-md5 RSA | no symmetric cipher | md5 hash
rsa-with-null-sha RSA | no symmetric cipher | sha hash
];
enable-flow-tracing;
enable-session-cache;
preferred-ciphers (custom | medium | strong | weak);
protocol-version (all | ssl3 | tls1);
server-certificate server-certificate;
}
}
Hierarchy Level [edit services ssl]
Release Information Statement introduced in Junos OS Release 12.1X44-D10.
Description Specify the configuration for Secure Socket Layer (SSL) termination support service.
Options The remaining statements are explained separately.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Related Documentation
• Junos OS Security Configuration Guide
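The following audit script is an added example, not part of the Junos documentation: it reads set-format configuration lines for the termination profile statements listed above and reports cipher and protocol choices that weaken an SSL termination profile. The sample configuration, profile names, and certificate name are constructed, and treating protocol-version all as including SSLv3 is an assumption drawn from the (all | ssl3 | tls1) option list.

```python
import re

SET_RE = re.compile(r"^set services ssl termination profile (\S+) (\S+) (.+)$")

def cipher_issues(name):
    """Weaknesses readable from a cipher name, per the custom-ciphers listing."""
    issues = []
    if "-null-" in name:
        issues.append("no symmetric cipher, traffic is not encrypted")
    if "export" in name:
        issues.append("export-grade key (40 or 56 bit)")
    if "rc4" in name:
        issues.append("RC4")
    if re.search(r"-des(40)?-cbc-", name):
        issues.append("single DES")
    if name.endswith("-md5"):
        issues.append("MD5 hash")
    return issues

def audit(config_text):
    """Return (profile, finding) tuples for SSL termination profiles."""
    profiles = {}
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if not m:
            continue  # other hierarchy, or a valueless statement (enable-session-cache)
        name, stmt, value = m.groups()
        values = value.strip("[] ").split()  # accept "x" and "[ x y ]"
        profiles.setdefault(name, {}).setdefault(stmt, []).extend(values)
    findings = []
    for name in sorted(profiles):
        p = profiles[name]
        for v in p.get("protocol-version", []):
            if v in ("all", "ssl3"):  # assumption: "all" includes ssl3
                findings.append((name, f"protocol-version {v} allows SSLv3"))
        if "weak" in p.get("preferred-ciphers", []):
            findings.append((name, "preferred-ciphers weak"))
        for c in p.get("custom-ciphers", []):
            findings += [(name, f"{c}: {i}") for i in cipher_issues(c)]
    return findings

# Constructed sample configuration; all names are made up for illustration.
SAMPLE = """\
set services ssl termination profile legacy-web protocol-version all
set services ssl termination profile legacy-web preferred-ciphers custom
set services ssl termination profile legacy-web custom-ciphers rsa-with-null-sha
set services ssl termination profile legacy-web custom-ciphers rsa-export-with-rc4-40-md5
set services ssl termination profile portal protocol-version tls1
set services ssl termination profile portal custom-ciphers [ rsa-with-aes-128-cbc-sha rsa-with-aes-256-cbc-sha ]
"""
```

Calling audit(SAMPLE) reports five findings, all against the constructed legacy-web profile; the portal profile, limited to tls1 and the two AES suites, produces none.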
trusted-ca (Services)
Syntax trusted-ca trusted-ca-name ([ | ] | all);
Hierarchy Level [edit services ssl proxy profile profile-name]
[edit services ssl termination profile profile-name]
Release Information Statement introduced in Junos OS Release 12.1X44-D10.
Description Specify the list of trusted certificate authority profiles.
Options • trusted-ca-name—Specify the certificate authority profile name.
• [—Open a set of values.
• ]—Close a set of values.
• all—Select all certificate authority profiles.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Related Documentation
• Junos OS Security Configuration Guide