User role firewall providing flexibility and higher security

By integrating user firewall policies, administrators can permit or restrict network access of employees, contractors, partners, and other users based on the roles they are assigned. A new match criteria, source-identity, defines applicable roles for each policy. In this way, traffic can be permitted or denied access based on the role of the user, as well as the zone pair, source and destination IP addresses, and application. To enhance a user role firewall implementation, the SRX Series device can be configured to interact with a Junos Pulse Access Control Service, providing a source of dynamic user role information. The Access Control Service can also be configured as a relay between a third-party authentication server and the SRX Series device. In this configuration, SPNEGO and Kerberos protocols provide a single sign-on environment for dynamic role provisioning.