Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SecurID parameters explained



Article ID: KB5608 KB Last Updated: 29 Jul 2010Version: 3.0
SecurID parameters explained
SecurID for authentication Configuration of SecurID

Master Server: (mandatory)
This is the IP Address of the main ACE server. This IP Address will be the machine where all of the ACE configuration will take place.

Slave Server: (optional)
This is the secondary ACE server. It will respond to request from an ACE client when the ACE server is no longer responding. See ACE server documentation for setting this up, the NetScreen device requires no additional setup other than this IP Address to support Slave Servers. This requires an additional license from Security Dynamics.

Authentication Port: (default value recommended)
This is the port on which the ACE Server will listen for authentication requests. Its default value is 5500 and the NetScreen device must be configured to use the same value as the ACE Server.

Client Retries:
This is the number of times the NetScreen device will retry establishing communication with the ACE Server for each authentication request. If communication cannot be established with the ACE Server the authentication request will be denied.

Client Timeout:
This is the length of time (in seconds) the NetScreen device will wait between retry attempts.

Encryption Type: (default recommended)
This is the type of encryption that will be used for communication between the ACE Server and the NetScreen device. This MUST match the ACE Server's configuration. The SDI encryption option is only for historical reasons, the DES encryption at one time was not exportable and the SDI encryption was. All new installations of SecurID will use DES.

Use Duress:
This is a feature of SecurID that allows users to have a PIN that signifies that they are being forced to log in. This will allow the user entry this time, but never again until cleared by the ACE Server administrator. This requires and additional license from Security Dynamics.

Here is the problem or goal:

  • SecurID parameters explained

Problem Environment:

  • SecurID for authentication
  • Configuration of SecurID

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-1000
  • NetScreen-5200

Applicable ScreenOS:

  • 2.50
  • 2.6.0
  • 2.6.1
  • 2.7.1
  • 2.8.0
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.1.0

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search