Help Center User GuideGetting StartedFAQRelease Notes
User Guide
Getting Started
Release Notes

Understanding Captive Portal Support for Unauthenticated Browser Users

When an unauthenticated user requests access to an SRX Series protected resource using an HTTP or HTTPS browser, the SRX Series device presents the user with a captive portal interface to allow the user to authenticate. Normally, this process occurs without interference. However, prior to introduction of this feature, HTTP or HTTPS-based workstation services running in the background, such as Microsoft updates and control checks, could trigger captive portal authentication before the HTTP or HTTPS browser-based user’s access request did. The situation posed a race condition. If a background process triggered captive portal first, the SRX Series device presented it with a “401 Unauthorized” page. The service discarded the page without informing the browser, and the browser user was never presented with the authentication portal. The SRX Series device did not support simultaneous authentication from the same source IP address on different SPUs.

The SRX Series device now supports simultaneous HTTP or HTTPS pass through authentication across multiple SPUs, including support for web-redirect authentication. If an HTTP or HTTPS packet arrives while the SPU is querying the Captive Portal (CP), the SRX Series device queues the packet to be handled later.

Starting in Junos Space Security Director Release 17.1, Security Director supports Auth Only Browser and Auth User Agent parameters to give you high control over how HTTP or HTTPS traffic is handled.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support