Understanding Firewall User Authentication in Transparent Mode
A firewall user is a network user who must provide a username
and password for authentication when initiating a connection across
the firewall. Firewall user authentication enables administrators
to restrict or permit users' access to protected resources behind
a firewall based on their source IP address and other credentials.

JUNOS software supports the following types of firewall user authentication
for transparent mode on the SRX services gateway:

Pass-through authentication—A host or a user from
one zone tries to access resources in another zone. You must use an
FTP, Telnet, or HTTP client to access the IP address of the protected
resource and be authenticated by the firewall. The device uses FTP,
Telnet, or HTTP to collect username and password information, and
subsequent traffic from the user or host is allowed or denied based
on the result of this authentication.

Web authentication—Users try to connect, by using
HTTP, to an IP address on the IRB interface that is enabled for Web
authentication (see Configuring an IRB Interface). You are prompted
for a username and password, which the device verifies.
Subsequent traffic from the user or host to the protected
resource is allowed or denied based on the result of this authentication.

For information about configuring pass-through or Web authentication,
see the JUNOS Software Security Configuration Guide.
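
A configuration sketch of the two authentication types described above, added here as an example; it is not taken from the original page or from the JUNOS configuration guide. The profile name fw-users, the user alice, the zone and policy names and the IRB address are assumptions, the password is a placeholder, and bridge domains, Layer 2 zones and the device's HTTP service are assumed to be configured already.

```junos
# Local access profile holding one firewall user (constructed sample values)
set access profile fw-users client alice firewall-user password "REPLACE-WITH-PASSWORD"

# Default profile consulted by each authentication type
set access firewall-authentication pass-through default-profile fw-users
set access firewall-authentication web-authentication default-profile fw-users

# Pass-through authentication: the user opens FTP, Telnet, or HTTP to the
# protected resource itself and the device intercepts the session to
# collect the username and password before the policy permits traffic.
set security policies from-zone trust to-zone untrust policy pt-auth match source-address any
set security policies from-zone trust to-zone untrust policy pt-auth match destination-address any
set security policies from-zone trust to-zone untrust policy pt-auth match application any
set security policies from-zone trust to-zone untrust policy pt-auth then permit firewall-authentication pass-through access-profile fw-users

# Web authentication: the user first browses (HTTP) to the address on the
# IRB interface that is enabled for Web authentication, logs in there, and
# only then is traffic matching the policy allowed.
set interfaces irb unit 0 family inet address 10.1.1.1/24 web-authentication http
set security policies from-zone trust to-zone dmz policy web-auth match source-address any
set security policies from-zone trust to-zone dmz policy web-auth match destination-address any
set security policies from-zone trust to-zone dmz policy web-auth match application any
set security policies from-zone trust to-zone dmz policy web-auth then permit firewall-authentication web-authentication
```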