Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

web-authentication (Access)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 8.5.

HTTPS for Web authentication is supported on SRX5400, SRX5600, and SRX5800 devices starting from Junos OS Release 12.1X44-D10 and on vSRX, SRX300, SRX320, SRX340, SRX345, SRX550M, and SRX1500 Services Gateways starting from Junos OS Release 15.1X49-D40.

Option timeout introduced in Junos OS Release 15.1X49-D130.

Description

Specify that users go through the Web authentication process. The user uses HTTP or HTTPS to access an IP address on the device that is enabled for Web authentication. In this scenario, the user does not use HTTP or HTTPS to access the IP address of the protected resource. The user is prompted for a username and password, which are verified by the device. Subsequent traffic from the user or host to the protected resource is allowed or denied based on the results of this authentication. This method of authentication differs from pass-through authentication in that users need to access the protected resource directly after accessing the Web authentication IP address and being authenticated.

Options

timeout seconds—Specify the timeout option in seconds. If you do not specify a timeout value, and if the web authentication process takes more than 3 seconds, your browser may display invalid username and password, even though the username and password is correct. For example, when you type a username and password in a browser for authentication, SRX Series device checks your account in the database, and after 3 seconds your web browser displays a message invalid username and password. However, after 10 seconds, SRX Series device receives a response from the database that the user authentication is successful, but SRX Series device could not notify you about successful authentication, due to 3 seconds timeout value. If you configure the timeout value from 5 through 60 seconds, then the browser waits for the SRX Series device to respond for the specified time.

Default: 3 seconds

Range: 5 through 60 seconds

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

access—To view this statement in the configuration.

access-control—To add this statement to the configuration.