Juniper User Authentication Configuration
The following command-line configuration sets up Juniper user authentication on SRX boxes:
To configure the device for pass-through firewall authentication
- set access profile FWAUTH client yogesh firewall-user password abc@123
- set access firewall-authentication pass-through default-profile FWAUTH
- set security policies from-zone Internal to-zone External policy NewPol match source-address HQ-LOCAL destination-address any application http
- set security policies from-zone Internal to-zone External policy NewPol then permit firewall-authentication pass-through client-match yogesh
By default, an authenticated session is allowed to stay idle for 10 minutes. To change this setting:
#set access profile FWAUTH session-options client-idle-timeout "TIME IN MIN"
To view the current authentication table
>show security firewall-authentication users
>show security firewall-authentication history
To configure the device for Web firewall authentication
- set access profile WEBAUTH client yogesh firewall-user password abc@123
- set access firewall-authentication web-authentication default-profile WEBAUTH
- set system services web-management http interface fe-0/0/5.0
- set interfaces fe-0/0/5 unit 0 family inet address 192.168.1.250/24 web-authentication http
- set security policies from-zone Internal to-zone External policy NewPol match source-address HQ-LOCAL destination-address any application http
- set security policies from-zone Internal to-zone External policy NewPol then permit firewall-authentication web-authentication client-match yogesh
To configure the Client group
- set access profile WEBAUTH client C-NAME client-group G-NAME firewall-user password abc@123
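A policy's client-match only lets a user authenticate if that name exists, as a client or a client-group, in the default profile for that authentication type. The following check is an added example, not part of the original post: it cross-references those names in a set-format configuration. The policies Staff and Guest and the misspelled client name are constructed, and it assumes the single-line command forms shown on this page with the hyphenated firewall-authentication keyword.

```python
import re

# Constructed sample modelled on this page's commands, plus one deliberate typo
# (policy Guest matches client "yogehs", which no profile defines).
SAMPLE = """\
set access profile FWAUTH client yogesh firewall-user password abc@123
set access profile WEBAUTH client C-NAME client-group G-NAME firewall-user password abc@123
set access firewall-authentication pass-through default-profile FWAUTH
set access firewall-authentication web-authentication default-profile WEBAUTH
set security policies from-zone Internal to-zone External policy NewPol then permit firewall-authentication pass-through client-match yogesh
set security policies from-zone Internal to-zone External policy Staff then permit firewall-authentication web-authentication client-match G-NAME
set security policies from-zone Internal to-zone External policy Guest then permit firewall-authentication web-authentication client-match yogehs
"""

CLIENT = re.compile(r"^set access profile (\S+) client (\S+)(?: client-group (\S+))?")
DEFAULT = re.compile(r"^set access firewall-authentication (pass-through|web-authentication) default-profile (\S+)")
POLICY = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then permit "
                    r"firewall-authentication (pass-through|web-authentication) client-match (\S+)")

def audit(config):
    names = {}      # profile -> client and client-group names it defines
    defaults = {}   # authentication type -> default profile
    rules = []      # (policy, authentication type, client-match value)
    for line in config.splitlines():
        line = line.strip()
        if m := CLIENT.match(line):
            names.setdefault(m[1], set()).update(n for n in (m[2], m[3]) if n)
        elif m := DEFAULT.match(line):
            defaults[m[1]] = m[2]
        elif m := POLICY.match(line):
            rules.append((m[3], m[4], m[5]))
    findings = []
    for policy, auth, match in rules:
        profile = defaults.get(auth)
        if profile is None:
            findings.append((policy, f"no default-profile set for {auth}"))
        elif match not in names.get(profile, set()):
            findings.append((policy, f"client-match {match} not defined in profile {profile}"))
    return findings

if __name__ == "__main__":
    for policy, problem in audit(SAMPLE):
        print(f"{policy}: {problem}")
```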